Low-Earth-Orbit (LEO) satellite constellations are becoming the necessary infrastructure in the future. However, the secure operation of LEO constellations is faced with severe risks. Specifically, LEO satellites are constantly orbiting and their channel interfaces are open. The adversary in hostile regions can leverage the global footprint to inject malicious traffic via access satellites. That is, LEO satellites are susceptible to physical and cyber attacks. Therefore, access authentication regarding terrestrial users (TUs) is crucial to ensure the secure operation of LEO constellations. The traditional on-orbit authentication frameworks usually presume that satellites are reliable and mutually trusted, thus one could rely on access satellites to perform authentication. In practice, however, physical and cyber attacks could bring down the satellites (causing fail-stop fault) or even hijack the satellites (causing Byzantine fault). This fact requires that the access authentication framework installed on LEO constellations should be fault-tolerant. In this paper, we aim to achieve Byzantine fault tolerance in access authentication for LEO satellite networks by properly integrating PBFT consensus protocol with traditional on-orbit authentication. Based on the topology characteristics of LEO constellations, we analytically derive the consensus probability, authentication accuracy, and communication overhead under PBFT-based authentication. To reduce the communication overhead, we propose to partition the constellation into multiple consensus groups, and devise a hierarchical PBFT (HPBFT) protocol. Simulation results based on Starlink Shell-I constellation indicate that HPBFT-based authentication could reduce the communication overhead (by an order of magnitude) and maintain almost the same authentication accuracy compared to PBFT-based authentication.