On Linux, root user does not need a password to login, if connection is made using Unix socket. The authentication plugin unix_socket makes it possible. If the connection with unix_socket fails, root will fallback to native_authentication.
The purpose of this task is to make the same possible on Windows. There is already a gssapi plugin, which can detect users with administrative privileges (with
MDEV-23959 one can use e.g "SID:BA" in user definition to allow administrator only).
There is a subtlety with this plugin, which is not there with unix socket. The unix_socket does not send any packets between client and server, i.e it does not need client support.
auth_gssapi on the other hand does need client support, and there will be lot of auth_gssapi unaware clients drivers (basically, everything except our own 3 drivers and MySqlConnector.NET.
Also, most of 3rd drivers are unaware of "switch authentication" which is used with alternative authentication methods in MariaDB.
Thus, to avoid failures when mariadb is used with 3rd party driver, authentication on Windows should try password-based native_authentication first, and only if it fails, fallback to passwordless auth_gssapi.
Note, that auth_gssapi and its client portion should be linked into the server and C client, to avoid different scenarios where plugin would not be found.