Authentication test tools
This is a package of tools useful for testing the various authentication
aspects of Quest Authentication Services (QAS) for Unix, Windows and Java platforms.
- gss-client, gss-server, gss-dump
Generate and consume GSS-API tokens to exercise authentication systems.
You run gss-client in one window, and gss-server in another,
the printed BASE64 encoded tokens between each other.
Detailed information about the visible GSS state is displayed.
Credential names, name types and security levels can be varied as command-line
The gss-dump tool can be used to display the content of tokens;
it uses wireshark's dissectors to do this.
Tests the krb5_kuserok() interface to QAS which permits unix
account access to Kerberos principals.
Tests the system PAM (Pluggable Authentication Module) interface.
Permits specifying the application name, user name, response strings (or live prompting), tty, host etc.
Detailed information about the upcall information and errors available via the PAM interface are displayed.
Includes simulation of the OpenSSH privsep behaviour, where part of the PAM
exchange is performed in a separate process.
(AIX systems only)
Tests the system LAM interface, calling all of AIX's authenticate()
- client.exe, server.exe
The win32 package contains Microsoft SSPI equivalents of the Unix gss-client and
gss-server tools described above.
documentation for testing interoperability
between Windows and Unix, Java or even Windows-to-Windows.
- Client, Server
The JGSS equivalent of the Unix gss-client and gss-server tools.
These tools and documentation can be
found in the gssapi/java directory of the source package.
Includes configuration documentation for use with Sun's Kerberos implementation, or
Quest Single Sign-on for Java (VSJ).