diff --git a/apps/files_external/lib/Lib/Backend/SMB.php b/apps/files_external/lib/Lib/Backend/SMB.php
index 4479ecdcaaa1c..e86ad98880c42 100644
--- a/apps/files_external/lib/Lib/Backend/SMB.php
+++ b/apps/files_external/lib/Lib/Backend/SMB.php
@@ -9,8 +9,8 @@
 namespace OCA\Files_External\Lib\Backend;
 
 use Icewind\SMB\BasicAuth;
-use Icewind\SMB\KerberosApacheAuth;
 use Icewind\SMB\KerberosAuth;
+use Icewind\SMB\KerberosTicket;
 use Icewind\SMB\Native\NativeServer;
 use Icewind\SMB\Wrapped\Server;
 use OCA\Files_External\Lib\Auth\AuthMechanism;
@@ -60,10 +60,7 @@ public function __construct(IL10N $l, Password $legacyAuth) {
 			->setLegacyAuthMechanism($legacyAuth);
 	}
 
-	/**
-	 * @return void
-	 */
-	public function manipulateStorageConfig(StorageConfig &$storage, ?IUser $user = null) {
+	public function manipulateStorageConfig(StorageConfig &$storage, ?IUser $user = null): void {
 		$auth = $storage->getAuthMechanism();
 		if ($auth->getScheme() === AuthMechanism::SCHEME_PASSWORD) {
 			if (!is_string($storage->getBackendOption('user')) || !is_string($storage->getBackendOption('password'))) {
@@ -85,33 +82,33 @@ public function manipulateStorageConfig(StorageConfig &$storage, ?IUser $user =
 						throw new \InvalidArgumentException('invalid authentication backend');
 					}
 					$credentialsStore = $auth->getCredentialsStore();
-					$kerbAuth = new KerberosApacheAuth();
+					$kerbAuth = new KerberosAuth();
+					$kerbAuth->setTicket(KerberosTicket::fromEnv());
 					// check if a kerberos ticket is available, else fallback to session credentials
-					if ($kerbAuth->checkTicket()) {
+					if ($kerbAuth->getTicket()?->isValid()) {
 						$smbAuth = $kerbAuth;
 					} else {
 						try {
 							$credentials = $credentialsStore->getLoginCredentials();
-							$user = $credentials->getLoginName();
+							$loginName = $credentials->getLoginName();
 							$pass = $credentials->getPassword();
-							preg_match('/(.*)@(.*)/', $user, $matches);
+							preg_match('/(.*)@(.*)/', $loginName, $matches);
 							$realm = $storage->getBackendOption('default_realm');
 							if (empty($realm)) {
 								$realm = 'WORKGROUP';
 							}
 							if (count($matches) === 0) {
-								$username = $user;
+								$username = $loginName;
 								$workgroup = $realm;
 							} else {
-								$username = $matches[1];
-								$workgroup = $matches[2];
+								[, $username, $workgroup] = $matches;
 							}
 							$smbAuth = new BasicAuth(
 								$username,
 								$workgroup,
 								$pass
 							);
-						} catch (\Exception $e) {
+						} catch (\Exception) {
 							throw new InsufficientDataForMeaningfulAnswerException('No session credentials saved');
 						}
 					}
@@ -125,7 +122,7 @@ public function manipulateStorageConfig(StorageConfig &$storage, ?IUser $user =
 		$storage->setBackendOption('auth', $smbAuth);
 	}
 
-	public function checkDependencies() {
+	public function checkDependencies(): array {
 		$system = \OCP\Server::get(SystemBridge::class);
 		if (NativeServer::available($system)) {
 			return [];
diff --git a/build/psalm-baseline.xml b/build/psalm-baseline.xml
index 21007bec0bf26..234fed2637c9c 100644
--- a/build/psalm-baseline.xml
+++ b/build/psalm-baseline.xml
@@ -1462,11 +1462,6 @@
       <code><![CDATA[class-string<IStorage>]]></code>
     </MoreSpecificReturnType>
   </file>
-  <file src="apps/files_external/lib/Lib/Backend/SMB.php">
-    <DeprecatedClass>
-      <code><![CDATA[new KerberosApacheAuth()]]></code>
-    </DeprecatedClass>
-  </file>
   <file src="apps/files_external/lib/Lib/Storage/SFTP.php">
     <InternalMethod>
       <code><![CDATA[put]]></code>