openPAM and Kerberos in FreeBSD13
Date: Sat, 17 Feb 2024 21:02:28 UTC
Hi all,

I'm trying to get SSH and Kerberos working on my FreeBSD13 machine. I can authenticate to the KDC using kinit, no problem, but no amount of playing will allow me to log in to a machine using SSHD and PAM. Have played with /etc/pam.d/system and /etc/pam.d/sshd endlessly.

The KDC/KADMIN server is another FreeBSD13 machine, and seems to function correctly as it is being used actively. The PAM-failing client machine has a keytab file with a dedicated host-key so the KDC knows about it.

PAM provides no useful errors of any kind. Use of kinit on my PAM-failing test machine causes log entries to appear on the KDC's /var/heimdal/kdc.log, but PAM activity doesn't appear in logs at all, as if it's not even trying to connect. There's some disconnect that I don't understand.

Thanks for any URLs, leading questions, or other pointers. I strongly suspect there's Some Simple Thing I haven't done correctly.

Thanks for reading,
--MCV.