Zoltan Fridrich 9bf7b4
diff --color -rup a/monitor.c b/monitor.c
Zoltan Fridrich 9bf7b4
--- a/monitor.c	2022-07-11 15:11:28.146863144 +0200
Zoltan Fridrich 9bf7b4
+++ b/monitor.c	2022-07-11 15:15:35.726655877 +0200
Zoltan Fridrich 9bf7b4
@@ -376,8 +376,15 @@ monitor_child_preauth(struct ssh *ssh, s
Zoltan Fridrich 9bf7b4
 		if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
Zoltan Fridrich 9bf7b4
 			auth_log(ssh, authenticated, partial,
Zoltan Fridrich 9bf7b4
 			    auth_method, auth_submethod);
Zoltan Fridrich 9bf7b4
-			if (!partial && !authenticated)
Zoltan Fridrich 9bf7b4
+			if (!partial && !authenticated) {
Zoltan Fridrich 9bf7b4
+#ifdef GSSAPI
Zoltan Fridrich 9bf7b4
+				/* If gssapi-with-mic failed, MONITOR_REQ_GSSCHECKMIC is disabled.
Zoltan Fridrich 9bf7b4
+				 * We have to reenable it to try again for gssapi-keyex */
Zoltan Fridrich 9bf7b4
+				if (strcmp(auth_method, "gssapi-with-mic") == 0 && options.gss_keyex)
Zoltan Fridrich 9bf7b4
+					monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
Zoltan Fridrich 9bf7b4
+#endif
Zoltan Fridrich 9bf7b4
 				authctxt->failures++;
Zoltan Fridrich 9bf7b4
+			}
Zoltan Fridrich 9bf7b4
 			if (authenticated || partial) {
Zoltan Fridrich 9bf7b4
 				auth2_update_session_info(authctxt,
Zoltan Fridrich 9bf7b4
 				    auth_method, auth_submethod);