diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm
index d2f61a7ec84b17da162d08fa8096202531551305..117cc347cb7e35c580ae5674610a99fe61a9b3db 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/Kerberos.pm
@@ -102,6 +102,7 @@ sub extractFormInfo {
     }
 
     # Case 5: Kerberos ticket received
+    $self->logger->debug("Kerberos ticket received: $1");
     my $data;
     eval { $data = MIME::Base64::decode($1) };
     if ($@) {
@@ -109,13 +110,18 @@ sub extractFormInfo {
         return PE_BADCREDENTIALS;
     }
     $ENV{KRB5_KTNAME} = $self->keytab;
-    my $gss_client_name;
+    $self->logger->debug( "Set KRB5_KTNAME env to " . $ENV{KRB5_KTNAME} );
     my $status = GSSAPI::Context::accept(
-        my $server_context,   GSS_C_NO_CREDENTIAL,
-        $data,                GSS_C_NO_CHANNEL_BINDINGS,
-        $gss_client_name,     undef,
-        my $gss_output_token, my $out_flags,
-        my $out_time,         my $gss_delegated_cred
+        my $server_context,
+        GSS_C_NO_CREDENTIAL,
+        $data,
+        GSS_C_NO_CHANNEL_BINDINGS,
+        my $gss_client_name,
+        undef,
+        my $gss_output_token,
+        my $out_flags,
+        my $out_time,
+        my $gss_delegated_cred
     );
     unless ($status) {
         $self->logger->error('Unable to accept security context');