Not being an SSH expert, I believe perhaps this is a good question for Red Hat (since they support your stock version).
Note that we specialize on AD integration, Authentication and Privilege Management. We identified early on that Microsoft's implementation of Kerberos and the design of AD is significantly different than the "traditional"LDAP/Kerberos view of the world, that's why we have added enhancements like domain to realm mapping, mechanisms to deal with Kerberos lowercase/uppercase naming, the ability to use unique samacaccountname | unix name | UPN, identity overrides, etc.
Note that commercial customers enjoy SLA-based (standard and 24x7) support for Centrify-enhanced OpenSSH Server.