- tdgssauth is used offline to minimize the number of server TPA resets when bringing external authentication deployments and configuration fixes live.
- tdgssauth tests the following mechanisms: TD2, LDAP, Kerberos, and TDNEGO.

This tool uses TDGSS itself to establish a pair of security contexts based on the user's input options. One context simulates the client side of a secured connection. The other context simulates the server side of a secured connection.

Once the contexts are established, the server's context is probed to determine the outcome of the authentication attempt. The user's authentication properties are acquired and displayed in human-readable form. The user's name is then used to probe security policy, and the results of the probe are also displayed in human-readable form.

The tool can also exercise the confidentiality and integrity services offered by TDGSS. Exercising these services is controlled by security policy and by command-line options.

tdgssauth is not included with Unity servers.

- Verify a permanent user's authentication and authorization properties using LDAP. See Example: tdgssauth Verifying a Permanent User's Authentication and Authorization Properties.
- Verify an unmapped directory user. See Example: tdgssauth Verifying an Unmapped User's Authentication and Authorization Parameters Using LDAP.
- Verify a database user's security properties using TD2. See Example: tdgssauth Verifying a Database User's Security Properties Using TD2.
- Debug LDAP. See Example: tdgssauth Debugging LDAP.
- Debug Kerberos. See Example: Using tdgssauth to Debug Kerberos.