NAME
kimpersonate — impersonate a user when there exists a keyfile or KeyFile
SYNOPSIS
kimpersonate [-s string | --ccache=string] [-s string | --server=string]
             [-c string | --client=string] [-k string | --keytab=string]
             [-5 | --krb5] [-A | --add] [-R | --referral]
             [-e integer | --expire-time=integer]
             [-a string | --client-address=string]
             [-t string | --enc-type=string] [--session-enc-type=string]
             [-f string | --ticket-flags=string]
             [--verbose] [--version] [--help]
DESCRIPTION
The kimpersonate program creates a "fake" ticket using the service-key of the service and stores it in the given (or default) ccache. This is useful for testing. The service key can be read from a Kerberos 5 keytab or AFS KeyFile. Supported options:

--ccache=string
    ccache into which to store the ticket

-s string, --server=string
    name of server principal

-c string, --client=string
    name of client principal

-k string, --keytab=string
    name of keytab file

-5, --krb5
    create a Kerberos 5 ticket

-A, --add
    don't re-initialize the ccache, instead add the ticket to an existing ccache.

-R, --referral
    simulate a referrals-based KDC client by storing two entries, one with the empty realm for the service principal name.

-e integer, --expire-time=integer
    lifetime of ticket in seconds

-a string, --client-address=string
    address of client

-t string, --enc-type=string
    encryption type (defaults to "aes256-cts-hmac-sha1-96")

--session-enc-type=string
    session encryption type (defaults to enc-type or "des-cbc-crc" for afs service tickets)

-f string, --ticket-flags=string
    ticket flags for krb5 ticket

--verbose
    Verbose output

--version
    Print version

--help

FILES
Uses /etc/krb5.keytab, and /usr/afs/etc/KeyFile when available and the -k option is used with an appropriate prefix.
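
Since kimpersonate can create a ticket for any client principal from nothing more than the service key, the key files named above should be accessible to their owner only. The script below is an added example, not part of the kimpersonate distribution; the function names key_file_status and audit_key_files are hypothetical, and it checks file mode bits only.

```shell
#!/bin/sh
# Added example: report service-key files whose mode grants any access to
# group or other. Default paths are the two named under FILES; other paths
# (for instance a test keytab) may be passed as arguments.

# key_file_status PATH
# Prints "ok", "exposed" or "missing"; returns 0, 1 or 2 respectively.
key_file_status() {
    if [ ! -e "$1" ]; then
        echo missing
        return 2
    fi
    # ls -ldL follows symlinks. Characters 5-10 of the mode string are the
    # group and other permission bits; all six must be "-".
    perms=$(ls -ldL -- "$1" | cut -c5-10)
    if [ "$perms" = "------" ]; then
        echo ok
        return 0
    fi
    echo exposed
    return 1
}

# audit_key_files [PATH...]
# Prints one line per file and returns the number of exposed files.
audit_key_files() {
    [ "$#" -gt 0 ] || set -- /etc/krb5.keytab /usr/afs/etc/KeyFile
    exposed=0
    for f in "$@"; do
        state=$(key_file_status "$f") || true
        printf '%-8s %s\n' "$state" "$f"
        if [ "$state" = exposed ]; then
            exposed=$((exposed + 1))
        fi
    done
    return "$exposed"
}

# Audit the arguments, or the default paths when none are given.
audit_key_files "$@" || echo "restrict exposed files to their owner (chmod 600)" >&2
```
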
EXAMPLES
kimpersonate can be used in the samba root preexec option or for debugging. kimpersonate -s host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5 will create a Kerberos 5 ticket for lha@E.KTH.SE for the host hummel.e.kth.se if there exists a keytab entry for it in /etc/krb5.keytab.

In combination with the ktutil command, this is useful for testing. For example,

    ktutil -k tkt add -p host/foo.test@TEST -V2 -e aes256-cts-hmac-sha1-96 -r
    kimpersonate --ccache=tcc -s host/foo.test@TEST -c jdoe@TEST -k tkt --referral

SEE ALSO
kinit(1), klist(1)
AUTHORS
Love Hornquist Astrand <lha@kth.se>