Multiple ssh authentication (kerberos, unix) to display different 'password:'
 

I am using pam to have an optional kerberos authentication in order to auto init a ticket when the user logs in. The problem I run into is if the user has a separate password for the local account (shadow) and the kerberos account. In this case, the user will ssh in, and be prompted for the password twice, with no notification of which its looking for, for example:

[root@kdc01 ~]# ssh red@localhost
Password:
Password:
Last login: Thu Mar 12 19:59:39 2009 from 68.87.101.10
[red@kdc01 ~]$


Where my pam system-auth stack auth looks like:
auth required pam_env.so
auth required pam_tally.so onerr=fail deny=5
auth optional pam_krb5.so
auth sufficient pam_unix.so nullok #try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so


I would like something like:
[root@kdc01 ~]# ssh red@localhost
Kerberos Password:
Local Password:


Thanks.