In OpenBSD Commit ID 9c4305631d20c2d194661504ce11e1f68b20d93e sshd_config parser was switched to a newer tokanizer. As a result of this, a new bug was introduced that causes the parser to ignore AuthorizedPrincipalsCommand if AuthorizedKeysCommand is also set. To Reproduce Set AuthorizedPrincipalsCommand and AuthorizedPrincipalsCommandUser to a valid value in sshd_config. Set AuthorizedKeysCommand and AuthorizedKeysCommandUser to a valid value. Suggest using a script that will touch a file to prove it was executed. Reload sshd and login. AuthprizedKeysCommand will not be executed. Remove AuthorizedKeysCommand from the sshd_config and it will work. Suggested patch is attached.
Created attachment 3698 [details] Suggested fix
Created attachment 3699 [details] minimal fix I think this should fix it without adding additional code.
committed as fcd78e31 and will be in the 9.4 release, due in a few months. Thanks!