KIMPERSONATE(8) | System Manager's Manual | KIMPERSONATE(8) |
NAME¶
kimpersonate
—
impersonate a user when there exist a keyfile or KeyFile
SYNOPSIS¶
kimpersonate |
[-s string |
- -ccache= string]
[-s string |
- -server= string]
[-c string |
- -client= string]
[-k string |
- -keytab= string]
[-5 |
- -krb5 ]
[-A |
- -add ]
[-R |
- -referral ]
[-e integer |
- -expire-time= integer]
[-a string |
- -client-address= string]
[-t string |
- -enc-type= string]
[- -session-enc-type= string]
[-f string |
- -ticket-flags= string]
[- -verbose ]
[- -version ]
[- -help ] |
DESCRIPTION¶
Thekimpersonate
program creates a "fake"
ticket using the service-key of the service and stores it in the given (or
default) ccache. This is useful for testing. The service key can be read from
a Kerberos 5 keytab or AFS KeyFile. Supported options:
-
-ccache=
string- ccache into which to store the ticket
-s
string,-
-server=
string- name of server principal
-c
string,-
-client=
string- name of client principal
-k
string,-
-keytab=
string- name of keytab file
-5
,-
-krb5
- create a Kerberos 5 ticket
-A
,-
-add
- don't re-initialize the ccache, instead add the ticket to an existing ccache.
-R
,-
-referral
- simulate a referrals-based KDC client by storing two entries, one with the empty realm for the service principal name.
-e
integer,-
-expire-time=
integer- lifetime of ticket in seconds
-a
string,-
-client-address=
string- address of client
-t
string,-
-enc-type=
string- encryption type (defaults to "aes256-cts-hmac-sha1-96")
-
-session-enc-type=
string- session encryption type (defaults to enc-type or "des-cbc-crc" for afs service tickets)
-f
string,-
-ticket-flags=
string- ticket flags for krb5 ticket
-
-verbose
- Verbose output
-
-version
- Print version
-
-help
FILES¶
Uses /etc/krb5.keytab, and /usr/afs/etc/KeyFile when available and the-k
option is used with an appropriate prefix.
EXAMPLES¶
kimpersonate
can be used in
samba
root preexec option or for debugging.
kimpersonate
-s host/hummel.e.kth.se@E.KTH.SE -c
lha@E.KTH.SE -5 will create a Kerberos 5 ticket for lha@E.KTH.SE for the host
hummel.e.kth.se if there exists a keytab entry for it in
/etc/krb5.keytab.
In combination with the ktutil
command,
this is useful for testing. For example,
ktutil
-k tkt add -p host/foo.test@TEST
-V2 -e aes256-cts-hmac-sha1-96 -r
kimpersonate
--cache=tcc -s
host/foo.test@TEST -c jdoe@TEST -k tkt --referral
SEE ALSO¶
kinit(1), klist(1)AUTHORS¶
Love Hornquist Astrand <lha@kth.se>September 18, 2006 | Linux 4.19.0-10-amd64 |