msys2 / MINGW-packages

Package scripts for MinGW-w64 targets to build under MSYS2.
https://packages.msys2.org
BSD 3-Clause "New" or "Revised" License

openssh missing authentication features of Microsoft's fork Openssh_for_Windows #20567

Open edgecase14 opened 3 months ago

edgecase14 commented 3 months ago

Description / Steps to reproduce the issue

Microsoft's distribution of OpenSSH for Windows https://github.com/PowerShell/openssh-portable supports Kerberos GSSAPI logins using the OS's integrated credentials cache. OpenSSH distributed with msys2 does not, but rather uses Heimdal or MIT Kerberos with a separate credentials cache. Heimdal and MIT Kerberos both had some attempts to use the MSLSA credentials cache, but neither has a working implementation. For reference, the PostgreSQL client in msys2 uses Windows SSPI directly (same as MS does with openssh-for-windows) for Kerberos, and works out of the box with GSSAPI logins.

Expected behavior

1) login to windows domain account
1a) cmd> klist shows KRBTGT for domain
2) ssh to kerberos-enabled host
3) shell prompt is reached without password prompt
3a) cmd> klist now shows service ticket HOST/myhost

Actual behavior

1) login to windows domain account
2) ssh to kerberos-enabled host
3) msys2 (heimdal) kinit is required first to get a separate KRBTGT for MSYS, otherwise a password is requested
4) it should also be noted that, by default, installing openssh hides the native C:\Windows\SYSTEM32\OpenSSH\ssh.exe in the path. Uncommenting MSYS2_PATH_TYPE=inherit or adding it to the beginning of $PATH in .bashrc is required. Installing git, for example, pulls in openssh, thus requiring manual configuration to use the native Windows ssh client.

Verification

Windows Version

MSYS_NT-10.0-19045

MINGW environments affected

Are you willing to submit a PR?

not at this time
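A check for the PATH shadowing described in step 4 of the report above, as an added example that is not part of the original issue or of either project: it walks a PATH string in order and reports whether the Windows OpenSSH client is present but hidden behind another ssh. The function names are hypothetical, and it assumes MSYS2-style paths where C:\Windows\System32\OpenSSH appears as /c/Windows/System32/OpenSSH.

```shell
#!/bin/sh
# Added example (not from the issue, MSYS2 or OpenSSH): find which ssh a
# PATH would run first, and whether the Windows OpenSSH client is shadowed.
# Function names are hypothetical. Assumes MSYS2-style paths, where
# C:\Windows\System32\OpenSSH appears as /c/Windows/System32/OpenSSH.

# Print, in PATH order, every executable ssh or ssh.exe found.
ssh_candidates() {
    old_ifs=$IFS
    IFS=:
    set -f                          # no globbing while splitting on ':'
    for dir in $1; do
        [ -n "$dir" ] || continue   # skip empty entries (current directory)
        for name in ssh ssh.exe; do
            if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
                printf '%s\n' "$dir/$name"
                break               # one hit per directory is enough
            fi
        done
    done
    set +f
    IFS=$old_ifs
}

# Succeed (status 0) when the native Windows client is on PATH but some
# other ssh is found before it. The comparison ignores case, since the
# directory is written both as System32 and SYSTEM32.
native_ssh_shadowed() {
    all=$(ssh_candidates "$1" | tr '[:upper:]' '[:lower:]')
    first=$(printf '%s\n' "$all" | head -n 1)
    case $first in
        */windows/system32/openssh/*) return 1 ;;   # native client wins
    esac
    case $all in
        */windows/system32/openssh/*) return 0 ;;   # present, but later
    esac
    return 1                                        # native client absent
}

# Report for the current shell.
ssh_candidates "$PATH"
if native_ssh_shadowed "$PATH"; then
    echo "native Windows ssh is on PATH but another ssh is found first"
fi
```

The first line printed is the client that a bare `ssh` command runs; if that is not the native one, GSSAPI logins fall back to the separate credentials cache described in the report.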

Biswa96 commented 2 months ago

I have tried to compile that openssh project with a custom cmake file (not complete yet). The header files in contrib/win32/win32compat/inc directory conflict with mingw-w64 headers.