Tools & Downloads

The following software tools are provided as a complimentary service. There is no fee to download and use the tools, as long as you complete the required download form, download the software directly from our site, and comply with the terms of the software license agreement.

Individual use of this software is subject to the CSS Non-commercial Software License Agreement (NCSLA). Any other use of this software requires a CSS Commercial Software License Agreement (CSLA). For further information on the terms and conditions of use of this software, please review our licensing information.

If you would like to incorporate the use of these tools to support enterprise applications, CSS provides annual technical support contracts. The scope of the technical and help desk support contract will be customized to fit the needs and requirements of the client. In addition to providing annual support contracts, CSS is frequently asked to provide training and consulting engagements in the deployment and use of these tools. Please feel free to contact us regarding your enterprise requirements.

We welcome feedback for improvement of these tools. Please contact us with suggestions.

Note: If you are running the Privacy Control feature in Norton Internet Security or Norton Personal Firewall, or a similar function in another application, you may experience problems reaching our download pages. For information on correcting this problem in Symantec products by passing referrer information to specific Web pages, visit the symantec.com support web site.

ADKadmin v2.2
The ADKadmin utility is designed to allow a system administrator to manage and view user and service principals (both user accounts and computer accounts) in a Microsoft Active Directory database from a UNIX or Linux host. The tool will display many of the account's attributes, including some that are not viewable through the Microsoft Management Console (MMC) interface. Accounts can be referenced by either principal or account name. The utility also provides the ability to update the Kerberos key table file on the host. Version 2.2 of ADKadmin adds support for RC4-HMAC. For more information, see the readme.
GetTicket v2.3.x
The GetTicket utility is designed to perform two useful Kerberos troubleshooting functions not covered by standard Kerberos utilities. The tool provides the ability to:

Acquire a TGT using a key table entry
Acquire a service ticket using an existing TGT
The function to acquire a service ticket is especially helpful for troubleshooting Kerberos problems where requests for initial credentials (TGTs) succeed but functions (such as Kerberos PAM logon) that require a service ticket fail. For more information, see the readme.
OpenSSH with GSSAPI and Kerberos v3.9p1
This build of the OpenSSH server (sshd) version 3.9p1 provides GSSAPI support for the SSH V2 protocol. Binaries for Linux, Solaris and HP-UX are available. Visit the OpenSSH web site for additional information about OpenSSH. For more information about this component, see the readme.

NOTE: OpenSSH versions prior to 3.7p1 include a buffer management vulnerability (see CERT® Advisory CA-2003-24). This version of OpenSSH incorporates the fix for this issue. Some versions of OpenSSH previously available on this web site were based upon older versions, and thus contain the vulnerability. CSS encourages you to update to the latest version.
PuTTY with GSSAPI and Kerberos v0.56b2
PuTTY is an SSH client for Windows. This enhanced version of PuTTY allows Windows PuTTY clients to use GSSAPI authentication with SSH servers that support the SSH v2 protocol, and Kerberos 5 authentication with SSH servers that support the SSH v1 protocol. This version, based on PuTTY version 0.56 beta, provides support for OpenSSH versions 3.4p1, 3.7x, 3.8p1 and 3.9p1. Visit the PuTTY home page for additional information about PuTTY. For more information about this patch, see the readme.

NOTE: PuTTY versions prior to 0.56 contain serious security holes that could allow a server to execute code on a client connecting to it. For more information about these issues, see the PuTTY home page. Some enhanced versions of PuTTY previously available on this web site were based on PuTTY versions 0.53 and 0.55, and thus contain one or more of the vulnerabilities. CSS encourages you to update to the latest version.
CSS pam_krb5.so Module v1.60.1
The CSS pam_krb5 module contains fixes for several defects found in the RedHat pam_krb5-1.60.1 distribution relating to Kerberos interoperability with Microsoft Active Directory. The patch fixes problems with a user being unable to change his or her password when it has expired, password expiration warning messages never being displayed, error messages not being displayed when a user's account is expired or locked out, and inconsistent password change prompts when an empty password is provided. Binaries for Linux, Solaris and HP-UX are available. For more information, see the readme.