Kevin, it looks like pam_gss is doing the right thing. Namely, it's passing a username and password into gss_acquire_cred_with_password, which means an identity and password should already be given as an input to the ui. In that case, I'd expect us to look up a trust anchor if present, but use the supplied identity. Can you take a look? Also, the segfault is interesting.