Kerberos 5 (krb5) is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. The PAM (Pluggable Authentication Modules) library provides a flexible framework for user authentication and session setup / teardown. pamkrb5 is a PAM module that allows using a Kerberos password to authenticate the user. pamkrb5 is disabled in the default FreeBSD installation. pam_krb5 uses passwords for authentication, which is distinct from Kerberos native protocols like GSSAPI, which allows for login without the exchange of passwords. GSSAPI is not affected by this issue.