KIMPERSONATE(8) |
System Manager's Manual |
KIMPERSONATE(8) |
NAME
kimpersonate — impersonate a user when there exist a srvtab, keyfile or KeyFile
SYNOPSIS
kimpersonate |
[-s string | --server=string] [-c string | --client=string] [-k string | --keytab=string] [-5 | --krb5] [-e integer | --expire-time=integer] [-a string | --client-address=string] [-t string | --enc-type=string] [--session-enc-type=string] [-f string | --ticket-flags=string] [--verbose] [--version] [--help] |
DESCRIPTION
The
kimpersonate program creates a "fake" ticket using the service-key of the service. The service key can be read from a Kerberos 5 keytab, AFS KeyFile or (if compiled with support for Kerberos 4) a Kerberos 4 srvtab. Supported options:
-
-s string, --server=string
-
name of server principal
-
-c string, --client=string
-
name of client principal
-
-k string, --keytab=string
-
name of keytab file
-
-5, --krb5
-
create a Kerberos 5 ticket
-
-e integer, --expire-time=integer
-
lifetime of ticket in seconds
-
-a string, --client-address=string
-
address of client
-
-t string, --enc-type=string
-
encryption type (defaults to "aes256-cts-hmac-sha1-96")
-
--session-enc-type=string
-
session encryption type (defaults to enc-type or "des-cbc-crc" for afs service tickets)
-
-f string, --ticket-flags=string
-
ticket flags for krb5 ticket
-
--verbose
-
Verbose output
-
--version
-
Print version
-
--help
-
FILES
Uses /etc/krb5.keytab, /etc/srvtab and /usr/afs/etc/KeyFile when available and the -k option is used with an appropriate prefix.
EXAMPLES
kimpersonate can be used in samba root preexec option or for debugging. kimpersonate -s host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5 will create a Kerberos 5 ticket for lha@E.KTH.SE for the host hummel.e.kth.se if there exists a keytab entry for it in /etc/krb5.keytab.
AUTHORS
Love Hornquist Astrand <lha@kth.se>