macos - SSH/Kerberos not working on OSX

Question

So I have tried and tried to get my ssh to work with kerberos on Mavericks to no avail. Here are my versions:

ssh: OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
kerberos: Heimdal 1.5.1apple1

I also tried the built in ssh with no effect as well. Here is my config:

ForwardAgent yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
GSSAPIKeyExchange yes

i have checked, there are no overriding settings in my user config

After all of this, I still get prompted for a password when ssh'ing to a linux host that does work with linux clients. (I am able to successfully kinit and i do get a ticket)

Any clues what I am missing? Has anyone has this problem before.

HERE is a link to the ssh connection log. It just seems to abandon gssapi without even trying it... why????

Answer 1

NOTE ON OSX SIERRA:

It appears that Apple broke it again.... The gssapitrusdns stuff is actually a third-party contribution and Apple revved to a newer ssh that doesn't include those patches... See HERE and HERE

ORIGINAL ANSWER (pre Sierra):

Ok, so after even more head-scratching, giving up, and violent attempts to strangle my computer with a power cord, I have found the answer... Turns out, OSX need to be told to explicitly trust DNS.... Add the following line to your ssh config:

GSSAPITrustDNS yes

Source (check the 'Problems and Workarounds' section)