1KIMPERSONATE(8) BSD System Manager's Manual KIMPERSONATE(8)
2
4 kimpersonate — impersonate a user when there exist a keyfile or KeyFile
5
7 kimpersonate [-s string | --ccache=string] [-s string | --server=string]
8 [-c string | --client=string] [-k string | --keytab=string]
9 [-5 | --krb5] [-A | --add] [-R | --referral]
10 [-e integer | --expire-time=integer]
11 [-a string | --client-address=string]
12 [-t string | --enc-type=string] [--session-enc-type=string]
13 [-f string | --ticket-flags=string] [--verbose] [--version]
14 [--help]
15
17 The kimpersonate program creates a "fake" ticket using the service-key of
18 the service and stores it in the given (or default) ccache. This is use‐
19 ful for testing. The service key can be read from a Kerberos 5 keytab or
20 AFS KeyFile. Supported options:
21
22 --ccache=string
23 ccache into which to store the ticket
24
25 -s string, --server=string
26 name of server principal
27
28 -c string, --client=string
29 name of client principal
30
31 -k string, --keytab=string
32 name of keytab file
33
34 -5, --krb5
35 create a Kerberos 5 ticket
36
37 -A, --add
38 don't re-initialize the ccache, instead add the ticket to an
39 existing ccache.
40
41 -R, --referral
42 simulate a referrals-based KDC client by storing two entries, one
43 with the empty realm for the service principal name.
44
45 -e integer, --expire-time=integer
46 lifetime of ticket in seconds
47
48 -a string, --client-address=string
49 address of client
50
51 -t string, --enc-type=string
52 encryption type (defaults to "aes256-cts-hmac-sha1-96")
53
54 --session-enc-type=string
55 session encryption type (defaults to enc-type or "des-cbc-crc"
56 for afs service tickets)
57
58 -f string, --ticket-flags=string
59 ticket flags for krb5 ticket
60
61 --verbose
62 Verbose output
63
64 --version
65 Print version
66
67 --help
68
70 Uses /etc/krb5.keytab, and /usr/afs/etc/KeyFile when available and the -k
71 option is used with an appropriate prefix.
72
74 kimpersonate can be used in samba root preexec option or for debugging.
75 kimpersonate -s host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5 will
76 create a Kerberos 5 ticket for lha@E.KTH.SE for the host hummel.e.kth.se
77 if there exists a keytab entry for it in /etc/krb5.keytab.
78
79 In combination with the ktutil command, this is useful for testing. For
80 example,
81
82 ktutil -k tkt add -p host/foo.test@TEST -V2 -e aes256-cts-hmac-sha1-96 -r
83
84 kimpersonate --cache=tcc -s host/foo.test@TEST -c jdoe@TEST -k tkt
85 --referral
86
88 kinit(1), klist(1)
89
91 Love Hornquist Astrand <lha@kth.se>
92
93BSD September 18, 2006 BSD