- tdgssauth is used offline to minimize the number of server TPA resets when activating external authentication deployments and configuration fixes.
- tdgssauth tests the following mechanisms: TD2, LDAP, Kerberos, and TDNEGO.
This tool makes use of TDGSS itself to establish a pair of security contexts based on the user's input options. One context is established to simulate the client side of a secured connection. The other context simulates the server side of a secured connection.
Once the contexts are established, the server's context is probed to determine the outcome of the authentication attempt. The user's authentication properties are acquired and displayed in human-readable form. The user's name is then used to probe security policy, and the results of the probe are also displayed in human-readable form.
The tool can also exercise confidentiality and integrity services offered by TDGSS. Exercising these services is controlled from security policy and from command line options.
- Verify a permanent user's authentication and authorization properties using LDAP. See Example: tdgssauth Verifying a Permanent User Authentication and Authorization Properties.
- Verify an unmapped directory user. See Example: tdgssauth Verifying an Unmapped User Authentication and Authorization Parameters Using LDAP.
- Verify a mapped directory user. See Example: tdgssauth Verifying a Mapped User Parameters Using LDAP.
- Verify a database user's security properties using TD2. See Example: tdgssauth Verifying a Database User Security Properties Using TD2.
- Debug LDAP. See Example: tdgssauth Debugging LDAP.
- Debug Kerberos. See Example: Using tdgssauth to Debug Kerberos.
- Check directory users for applicable IP access restrictions, based on mappings to database users. See Testing Directory-Based IP Restrictions.
- You can also use tdgssauth to test other setup parameters. See:
  - Testing XML-Based IP Restrictions
  - Testing Directory-Based IP Restrictions
  - The testing step for each operating system-dependent configuration change procedure in Making Changes to TdgssUserConfigFile.xml on Database Nodes.