search for: krb5_verify_user_lrealm

...lt realms, at least for HEIMDAL. It should be fine if sshd uses all default realms or all realms defined in /etc/krb5.conf. For HEIMDAL I replaced the line "problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user, ccache, password, 1, NULL);" by a line "problem = krb5_verify_user_lrealm(authctxt->krb5_ctx, authctxt->krb5_user, ccache, password, 1, NULL);" in the file auth-krb5.c and the Kerberos password authentication takes into account all locally defined realms in /etc/krb5.conf file. I did not try to modify the file for mit-krb5 kerberos distribution. I use heimda...