MINGW-packages

openssh missing authentication features of Microsoft's fork Openssh_for_Windows

Open edgecase14 opened this issue 10 months ago • 1 comments

Description / Steps to reproduce the issue

Microsoft's distribution of OpenSSH for Windows https://github.com/PowerShell/openssh-portable supports Kerberos GSSAPI logins using the OS's integrated credentials cache. OpenSSH distributed with msys2 does not, but rather uses Heimdal or MIT Kerberos with a separate credentials cache. Heimdal and MIT Kerberos both had some attempts to use the MSLSA credentials cache, but neither has a working implementation. For reference, the PostgreSQL client in msys2 uses Windows SSPI directly (same as MS does with openssh-for-windows) for Kerberos, and works out of the box with GSSAPI logins.

Expected behavior

  1. login to windows domain account
     1a) cmd> klist shows KRBTGT for domain
  2. ssh to kerberos-enabled host
  3. shell prompt is reached without password prompt
     3a) cmd> klist now shows service ticket HOST/myhost

Actual behavior

  1. login to windows domain account
  2. ssh to kerberos enabled host
  3. msys2 (heimdal) kinit is required first to get a separate KRBTGT for MSYS, otherwise a password is requested
  4. It should also be noted that, by default, installing openssh hides the native C:\Windows\SYSTEM32\OpenSSH\ssh.exe in the path. Uncommenting MSYS2_PATH_TYPE=inherit or adding to the beginning of $PATH in .bashrc is required. Installing git, for example, pulls in openssh, thus requiring manual configuration to use the native Windows ssh client.

Verification

  • [X] I have verified that my MSYS2 is up-to-date before submitting the report (see https://www.msys2.org/docs/updating/)

Windows Version

MSYS_NT-10.0-19045

MINGW environments affected

  • [ ] MINGW64
  • [ ] MINGW32
  • [ ] UCRT64
  • [ ] CLANG64
  • [ ] CLANG32
  • [ ] CLANGARM64

Are you willing to submit a PR?

not at this time

edgecase14 Apr 05 '24 16:04
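
The `.bashrc` workaround mentioned in step 4 of the report, written out as an added example (not part of the original issue or of any MSYS2 package). It assumes Windows is installed on `C:`, so the native client directory appears inside MSYS2 as `/c/Windows/System32/OpenSSH`; the function and variable names are hypothetical.

```shell
# Added example for ~/.bashrc in an MSYS2 shell; not code from the issue.
# Assumption: C:\Windows\System32\OpenSSH is visible as the path below.
NATIVE_SSH_DIR="${NATIVE_SSH_DIR:-/c/Windows/System32/OpenSSH}"

# Print a PATH value in which directory $1 comes first, so that its ssh.exe
# is found before the MSYS2 openssh package's client.
#   $1  directory expected to hold the native ssh.exe
#   $2  PATH value to rewrite (defaults to the current $PATH)
# If $1 has no ssh.exe, the PATH is printed unchanged. The body runs in a
# subshell "( ... )", so its helper variables do not leak into the login shell.
path_with_native_ssh_first() (
    dir=$1
    rest=${2-$PATH}
    if [ ! -f "$dir/ssh.exe" ]; then
        printf '%s\n' "$rest"
        exit 0
    fi
    out=$dir
    while [ -n "$rest" ]; do
        entry=${rest%%:*}              # text up to the first ':'
        case $rest in
            *:*) rest=${rest#*:} ;;    # more entries follow
            *)   rest= ;;              # that was the last entry
        esac
        # Drop older copies of $dir so the entry is not duplicated, and drop
        # empty entries, which the shell treats as "current directory".
        if [ -n "$entry" ] && [ "$entry" != "$dir" ]; then
            out=$out:$entry
        fi
    done
    printf '%s\n' "$out"
)

PATH=$(path_with_native_ssh_first "$NATIVE_SSH_DIR")
export PATH
```

After sourcing this, `command -v ssh` shows which client the shell now resolves.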

I have tried to compile that openssh project with a custom cmake file (not complete yet). The header files in contrib/win32/win32compat/inc directory conflict with mingw-w64 headers.

Biswa96 Apr 07 '24 17:04