NAME¶
kimpersonate —
impersonate a user when there exist a srvtab, keyfile
or KeyFile
SYNOPSIS¶
kimpersonate |
[ -s
string |
-
-server=string
]
[-c
string |
-
-client=string
]
[-k
string |
-
-keytab=string
]
[-5 |
--krb5
]
[-e
integer |
-
-expire-time=integer
]
[-a
string |
-
-client-address=string
]
[-t
string |
-
-enc-type=string
]
[--session-enc-type=string
]
[-f
string |
-
-ticket-flags=string
]
[--verbose
]
[--version
]
[--help
] |
DESCRIPTION¶
The
kimpersonate program creates a
"fake" ticket using the service-key of the service. The service key
can be read from a Kerberos 5 keytab, AFS KeyFile or (if compiled with support
for Kerberos 4) a Kerberos 4 srvtab. Supported options:
-s
string,
-
-server=string- name of server principal
-c
string,
-
-client=string- name of client principal
-k
string,
-
-keytab=string- name of keytab file
-5,
--krb5- create a Kerberos 5 ticket
-e
integer,
-
-expire-time=integer- lifetime of ticket in seconds
-a
string,
-
-client-address=string- address of client
-t
string,
-
-enc-type=string- encryption type (defaults to "aes256-cts-hmac-sha1-96")
--session-enc-type=string- session encryption type (defaults to enc-type or "des-cbc-crc"
for afs service tickets)
-f
string,
-
-ticket-flags=string- ticket flags for krb5 ticket
--verbose- Verbose output
--version- Print version
--help-
FILES¶
Uses
/etc/krb5.keytab,
/etc/srvtab and
/usr/afs/etc/KeyFile when available and the
-k option is used with an appropriate
prefix.
EXAMPLES¶
kimpersonate can be used in
samba root preexec option or for debugging.
kimpersonate -s
host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5 will create a Kerberos 5
ticket for lha@E.KTH.SE for the host hummel.e.kth.se if there exists a keytab
entry for it in
/etc/krb5.keytab.
SEE ALSO¶
kinit(1),
klist(1)
AUTHORS¶
Love Hornquist Astrand <lha@kth.se>
