Sign in

    gssMonger - Tool for verifying Kerberos authentication interoperability between Windows and other platforms

    Tool for verifying Kerberos authentication interoperability between Windows and other platforms
    • Note:There are multiple files available for this download.Once you click on the "Download" button, you will be prompted to select the files you need.


      File Name:



      Date Published:


      File Size:

      122 KB

      48 KB

        This tool is used to test interoperability between Microsoft Kerberos and other implementations of Kerberos. It can also be used to look for configuration problems in heterogenous Kerberos deployments. Source code for the slave (gssmaggot) is included (including the Windows portion) -- this application is intended to be ported to other operating systems to facilitate testing.
    • Supported Operating System

      Linux, Unix, Windows 2000, Windows 2000 Advanced Server, Windows 2000 Server, Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows Server 2003, Windows XP, Windows XP Media Center Edition

        Windows 2000 or later release.

        Makefiles included to compile on Linux and NetBSD for Cybersafe, Heimdal, and MIT Kerberos. To run on these architectures, a compiler is required. To port to other architectures or versions of Kerberos, porting experience is recommended.
      • 1. Download and unpack the distribution.
        2. If you intend to check interoperability against a non-Windows OS, you will need to compile gssmaggot (the slave) on any operating systems you want to test. The Windows gssmaggot.exe is included.
        3. run gssmaggot -spn [Kerberos server principalname] on all participating computers. On Windows, gssmaggot should be run as a service, or as a user who has the ServicePrincipalName attribute set.
        4. run gssmaster.exe +noisy /slaves [machine1,machine2... all machines running gssmaggot] /principals [user1@DOMAIN.OR.REALM:password,user2@DOMAIN.OR.REALM:password...]

        ...the application will produce a table representing the interop matrix formed by causing every gssmaggot to authenticate every principal against every other gssmaggot. If problems are found, they will be highlighted in red, and some diagnostic checks will be performed.
      • Examples:

        gssmonger -spn host/mymachine.dns.domain@MYREALM.DNS.REALM

        (note that the @REALM portion is required.)

        gssmaster /slaves mymachine,anothermachine /principals foo@BAR.COM:foos_password,baz@BLAH.COM:baz_password +noisy