I wrote:
> The best idea I can come up with is that the conv_proc is being called
> with zero messages and is dumping core because it tries to print the
> contents of msg[0]. However, it's far from clear why libpam would
> bother to call it with zero messages.
Hah --- found it. (Man, it is so nice working with open source that
you can actually look at...) prompter.c in pam_krb5 has
/* Skip any prompt for which the supplied default answer is the
* previously-entered password -- it's just a waste of the
* user's time. */
So it definitely is possible to call our proc with zero messages, and
whether this will happen or not is probably dependent on the behavior
of the KDC, and even then, ereport might or might not dump core depending
on the contents of the not-allocated msg[0] array member.
I will go and rewrite this function to look more like openssh's,
on the assumption that their version is probably pretty well battle
tested.
regards, tom lane