Brief answer is "no" for both questions. But this does not mean that such task is impossible, just that nobody used to pay attention to it cause in theory I see no reasons why this can not be done.
Trusted authentication has 2 steps. First, client should pass to the server context of logged in user. Next server determines login name for that context. If we find in linux (not sure where should they be - in sambe? in pam?) calls performing same tasks compiling plugin for linux will not be a problem. List of required API functions FYI is : AcquireCredentialsHandle, DeleteSecurityContext, FreeCredentialsHandle, QueryContextAttributes, FreeContextBuffer, InitializeSecurityContext, AcceptSecurityContext, GetTokenInformation, AllocateAndInitializeSid, EqualSid, FreeSid May be I missed one or two but suppose that's not critical for now.
