You are going to get some errors such Invalid login, Authentication is denied, if you are using FAS on LVDA if you did an upgrade from 2402 or before to the latest version using your own automatization process such as Ansible for Linux. 

Snippet example:

citrix-ctxlogin[3732]: PAM unable to dlopen(/usr/lib64/security/pam_krb5.so): /usr/lib64/security/pam_krb5.so: cannot open shared object file: No such file or directory
citrix-ctxlogin[3732]: PAM adding faulty module: /usr/lib64/security/pam_krb5.so

As we can check from the logs above pam_krb5 is not installed.

Ansible automation needs to be updated to reflect the new script (Citrix) requirements.

Please re-run the ctxfascfg.sh and it will work as it will replicate all the configuration and install the pam_krb5 missing. If you want to continue using Ansible for your future references, please review the content under ctxfascfg.sh for more information/details.

The article describes what is required starting from LinuxVDA 2507 LTSR if you are upgrading from 2402 or previous versions where you are used to use Ansible to manually configure your FAS configuration with SSSD login and PAM authentication.