Closed
Description
We are running Apache httpd 2.4.51 with mod_auth_gssapi 1.6.3 on CentOS Stream 9 and attempting to tie it to our FreeIPA deployment.
When using the Negotiate method, clients joined to FreeIPA are able to auth correctly to Apache. When a fallback to basic auth occurs, though (such as for external clients or Windows systems which are not joined to FreeIPA), authentication fails, with the exact error message reported in the Apache logs being the one shown below:
```
[auth_gssapi:error] [pid 8613:tid 8758] [client 172.16.1.2:52886] GSS ERROR In Basic Auth: gss_acquire_cred_with_password() failed: [No credentials were supplied, or the credentials were unavailable or inaccessible (Pre-authentication failed: Invalid argument)]
```
The section of our Apache config pertaining to GSSAPI is below as well:
```apache
AuthType GSSAPI
AuthName "Login"
GssapiBasicAuth On
GssapiBasicAuthMech krb5
GssapiNegotiateOnce On
GssapiLocalName On
GssapiCredStore keytab:/etc/httpd/conf/httpd.keytab
GssapiUseSessions On
Session On
SessionCookieName gssapi_session path=/;httponly;secure;
BrowserMatch Windows gssapi-no-negotiate
Require valid-user
```