One question regarding Kerberos authentication in ftpd is whether the daemon supports only password authentication against the kerberos database, or if it can support authentication using a service ticket from a user who has already gotten a TGT (passwordless login).
Also, what (if any) openbsd-compatible ftp client/server implementations are there that do support krb5/gssapi for passwordless auth? Ditto for sshd; I see that if the user's login class has one of the krb* authentication styles, the password provided at login is used to authenticate as a principle against the kerberos realm. Is the only way to enable seamless ticket authentication in sshd to enable GSSAPIAuthentication? Will a user that logs in remotely via SSH and authenticates against the kerberos database (krb5 / krb5-or-pwd) get a TGT in their credential cache? I know that this is the case with a local console login... DS