So, I gave this a try and attempted to reproduce the issue.
I set up a VM acting as the KDC, and configured sshd in it with the following options:
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
GSSAPIKeyExchange yes
I then configured an LXD container to act as the krb5 client. I created a user "john" both in the KDC and in the client, then was able to verify that kinit was working fine. With that out of the way, I tried to connect via ssh to the KDC:
$ ssh -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex -o GSSAPIKeyExchange=yes krb5.test.lan
The connection worked. I did the RH bug and tried to check if there was anything else I could do, but apparently the bug should have manifested with what I did. I also tried to start sshd by hand using the options you mentioned (plus "-o UsePam=yes"), to no avail. So I'm a bit lost here, and would also appreciate more info.
Thanks.