{"id":20975193,"url":"https://github.com/cea-sec/gmsad","last_synced_at":"2025-07-24T08:38:57.503Z","repository":{"id":172698989,"uuid":"647195351","full_name":"cea-sec/gmsad","owner":"cea-sec","description":"gmsad manages Active Directory group Managed Service Account (gMSA) on Linux","archived":false,"fork":false,"pushed_at":"2024-12-19T17:47:16.000Z","size":550,"stargazers_count":30,"open_issues_count":2,"forks_count":5,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-05-14T14:44:39.690Z","etag":null,"topics":["active-directory","gmsa","group-managed-service-account","keytab","linux"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cea-sec.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-05-30T09:03:48.000Z","updated_at":"2025-05-09T10:04:05.000Z","dependencies_parsed_at":null,"dependency_job_id":"f84c73a1-4a09-4537-92e4-de8d5074ab6e","html_url":"https://github.com/cea-sec/gmsad","commit_stats":null,"previous_names":["cea-sec/gmsad"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/cea-sec/gmsad","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cea-sec%2Fgmsad","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cea-sec%2Fgmsad/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cea-sec%2Fgmsad/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cea-sec%2Fgmsad/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cea-sec","download_url":"https://codeload.github.com/cea-sec/gmsad/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cea-sec%2Fgmsad/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266815222,"owners_count":23988563,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-24T02:00:09.469Z","response_time":99,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["active-directory","gmsa","group-managed-service-account","keytab","linux"],"created_at":"2024-11-19T04:40:35.031Z","updated_at":"2025-07-24T08:38:56.040Z","avatar_url":"https://github.com/cea-sec.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gmsad\n\n`gmsad` manages Active Directory group Managed Service Account (gMSA) on Linux.\n\nGiven the keytab of an account which has the ability to retrieve the secret of a gMSA, `gmsad` creates a keytab for the service account and renew it when necessary. It can execute an arbitrary command just after renewing the keytab.\n\n# Requirements\n\nYour Active Directory domain must be able to use group Managed Service Account which implies :\n* AD schema updated to Windows Server 2012 ([Getting Started with Group Managed Service Accounts](https://learn.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts))\n* KDS Root Key deployed ([Create the Key Distribution Services KDS Root Key](https://learn.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/create-the-key-distribution-services-kds-root-key))\n\nIn addition, `gmsad` requires a working LDAPS interface on domain controllers with a valid TLS certificate.\n\n# Documentation\n\n- [Getting started with gmsad](doc/getting_started.md)\n- [Why was this tool created ?](doc/genesis.md)\n- [How does a gMSA work ?](doc/gmsa.md)\n- [Talk at SSTIC 2023 (in french)](https://www.sstic.org/2023/presentation/gmsad/)\n\n# Contributing\n\nAny contribution is welcome, be it code, bug report, packaging, documentation or translation.\n\n# License\n\ngmsad is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\n\ngmsad is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License along with gmsad. If not, see the gnu.org web site.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcea-sec%2Fgmsad","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcea-sec%2Fgmsad","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcea-sec%2Fgmsad/lists"}