A few days ago I stumbled upon a problem with our OpenSSH (net-misc/openssh-5.2_p1-r3) based SFTP solution. Although passwords were not changed, SFTP logins did not work any longer, whereas normal SSH logins with the same accounts continued working.
The relevant – now working – SSHD config looks like this (except AllowUsers):
# this must be set to no and PasswordAuthentication to yes. Otherwise SFTP will not work!!!!
Subsystem sftp internal-sftp
Match Group sftponly
After more than one hour of trial and error I found out that UsePAM must be set to no and PasswordAuthentication must be set to yes. All other combinations of these two options kill SFTP authentication (sys-auth/pambase-20090620.1-r1 with ssh USE flag enabled).
As I am not using PAM's advanced authentication functions, this deactivation is not a problem for me.
So, finally, if you encounter strange authentication issues with SFTP, try to disable PAM auth and see if SFTP authentication is working again afterwards.
PS: If you know another solution to this problem, or if I somehow messed up my config, please let me know.
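To check which values of the two options discussed above a given sshd_config sets globally, here is an added shell example (not the author's code). The function names and sample files are constructed for illustration, and the fallback values are upstream OpenSSH defaults, which a distribution build may change.

```shell
#!/bin/sh
# Added example, not the author's code. Reads the global UsePAM and
# PasswordAuthentication values from an sshd_config file. Keywords are
# case-insensitive, the first value seen for a keyword wins, and lines
# after a Match line are conditional, so scanning stops there.

# sshd_global_value FILE KEYWORD DEFAULT -> first global value or DEFAULT
sshd_global_value() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }                  # strip leading indentation
        /^#/ || NF == 0 { next }                # comment or blank line
        tolower($1) == "match" { exit }         # global part ends here
        tolower($1) == want && !found { val = tolower($2); found = 1 }
        END { print (found ? val : def) }
    ' "$1"
}

# Defaults below are upstream OpenSSH's (assumption: the distribution's
# build has not changed them).
sshd_auth_combo() {
    printf 'UsePAM=%s PasswordAuthentication=%s\n' \
        "$(sshd_global_value "$1" UsePAM no)" \
        "$(sshd_global_value "$1" PasswordAuthentication yes)"
}

# Succeeds only for the pair the post reports as working for SFTP.
matches_post_combo() {
    [ "$(sshd_auth_combo "$1")" = "UsePAM=no PasswordAuthentication=yes" ]
}

# Constructed sample files, not taken from the post.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/working" <<'EOF'
usepam no
PasswordAuthentication yes
UsePAM yes
Subsystem sftp internal-sftp
Match Group sftponly
    ForceCommand internal-sftp
EOF
printf '# constructed\nUsePAM yes\n' > "$SAMPLE_DIR/pam"

for f in working pam; do
    printf '%s: %s\n' "$f" "$(sshd_auth_combo "$SAMPLE_DIR/$f")"
done
```

Point `sshd_auth_combo` at `/etc/ssh/sshd_config` to check a real host; it reads only the global section, so values set inside a Match block are not reported.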