NAME¶
kimpersonate
—
impersonate a user when there exist a srvtab, keyfile
or KeyFile
SYNOPSIS¶
kimpersonate |
[ -s
string |
-
-server= string ]
[-c
string |
-
-client= string ]
[-k
string |
-
-keytab= string ]
[-5 |
- -krb5 ]
[-e
integer |
-
-expire-time= integer ]
[-a
string |
-
-client-address= string ]
[-t
string |
-
-enc-type= string ]
[- -session-enc-type= string ]
[-f
string |
-
-ticket-flags= string ]
[- -verbose ]
[- -version ]
[- -help ] |
DESCRIPTION¶
The
kimpersonate
program creates a
"fake" ticket using the service-key of the service. The service key
can be read from a Kerberos 5 keytab, AFS KeyFile or (if compiled with support
for Kerberos 4) a Kerberos 4 srvtab. Supported options:
-s
string,
-
-server=
string
- name of server principal
-c
string,
-
-client=
string
- name of client principal
-k
string,
-
-keytab=
string
- name of keytab file
-5
,
-
-krb5
- create a Kerberos 5 ticket
-e
integer,
-
-expire-time=
integer
- lifetime of ticket in seconds
-a
string,
-
-client-address=
string
- address of client
-t
string,
-
-enc-type=
string
- encryption type (defaults to "aes256-cts-hmac-sha1-96")
-
-session-enc-type=
string
- session encryption type (defaults to enc-type or "des-cbc-crc"
for afs service tickets)
-f
string,
-
-ticket-flags=
string
- ticket flags for krb5 ticket
-
-verbose
- Verbose output
-
-version
- Print version
-
-help
-
FILES¶
Uses
/etc/krb5.keytab,
/etc/srvtab and
/usr/afs/etc/KeyFile when available and the
-k
option is used with an appropriate
prefix.
EXAMPLES¶
kimpersonate
can be used in
samba
root preexec option or for debugging.
kimpersonate
-s
host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5 will create a Kerberos 5
ticket for lha@E.KTH.SE for the host hummel.e.kth.se if there exists a keytab
entry for it in
/etc/krb5.keytab.
SEE ALSO¶
kinit(1),
klist(1)
AUTHORS¶
Love Hornquist Astrand <lha@kth.se>