1KIMPERSONATE(8)           BSD System Manager's Manual          KIMPERSONATE(8)
2

NAME

4     kimpersonate — impersonate a user when there exist a keyfile or KeyFile
5

SYNOPSIS

7     kimpersonate [-s string | --ccache=string] [-s string | --server=string]
8                  [-c string | --client=string] [-k string | --keytab=string]
9                  [-5 | --krb5] [-A | --add] [-R | --referral]
10                  [-e integer | --expire-time=integer]
11                  [-a string | --client-address=string]
12                  [-t string | --enc-type=string] [--session-enc-type=string]
13                  [-f string | --ticket-flags=string] [--verbose] [--version]
14                  [--help]
15

DESCRIPTION

17     The kimpersonate program creates a "fake" ticket using the service-key of
18     the service and stores it in the given (or default) ccache.  This is use‐
19     ful for testing.  The service key can be read from a Kerberos 5 keytab or
20     AFS KeyFile.  Supported options:
21
22     --ccache=string
23             ccache into which to store the ticket
24
25     -s string, --server=string
26             name of server principal
27
28     -c string, --client=string
29             name of client principal
30
31     -k string, --keytab=string
32             name of keytab file
33
34     -5, --krb5
35             create a Kerberos 5 ticket
36
37     -A, --add
38             don't re-initialize the ccache, instead add the ticket to an
39             existing ccache.
40
41     -R, --referral
42             simulate a referrals-based KDC client by storing two entries, one
43             with the empty realm for the service principal name.
44
45     -e integer, --expire-time=integer
46             lifetime of ticket in seconds
47
48     -a string, --client-address=string
49             address of client
50
51     -t string, --enc-type=string
52             encryption type (defaults to "aes256-cts-hmac-sha1-96")
53
54     --session-enc-type=string
55             session encryption type (defaults to enc-type or "des-cbc-crc"
56             for afs service tickets)
57
58     -f string, --ticket-flags=string
59             ticket flags for krb5 ticket
60
61     --verbose
62             Verbose output
63
64     --version
65             Print version
66
67     --help
68

FILES

70     Uses /etc/krb5.keytab, and /usr/afs/etc/KeyFile when available and the -k
71     option is used with an appropriate prefix.
72

EXAMPLES

74     kimpersonate can be used in samba root preexec option or for debugging.
75     kimpersonate -s host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5 will
76     create a Kerberos 5 ticket for lha@E.KTH.SE for the host hummel.e.kth.se
77     if there exists a keytab entry for it in /etc/krb5.keytab.
78
79     In combination with the ktutil command, this is useful for testing.  For
80     example,
81
82     ktutil -k tkt add -p host/foo.test@TEST -V2 -e aes256-cts-hmac-sha1-96 -r
83
84     kimpersonate --cache=tcc -s host/foo.test@TEST -c jdoe@TEST -k tkt
85     --referral
86

SEE ALSO

88     kinit(1), klist(1)
89

AUTHORS

91     Love Hornquist Astrand <lha@kth.se>
92
93BSD                           September 18, 2006                           BSD
Impressum