Man page - kimpersonate(8)

Packages contains this manual

Package:  heimdal-clients
apt-get install heimdal-clients

Manuals in package:
• kinit.heimdal(1)
• kimpersonate(8)
• ksu.heimdal(1)
• kadmin.heimdal(1)
• string2key(8)
• kpasswd.heimdal(1)
• otpprint(1)
• kgetcred(1)
• kpagsh(1)
• ktutil.heimdal(1)
• afslog(1)
• otp(1)
• verify_krb5_conf(8)
• kf(1)
• kswitch.heimdal(1)
• kdigest(8)
• kdestroy.heimdal(1)
• klist.heimdal(1)
Documentations in package:
• heimdal-clients

Manual

---

KIMPERSONATE (8) System Manager’s Manual KIMPERSONATE (8)

NAME

kimpersonate — impersonate a user when there exist a keyfile or KeyFile

SYNOPSIS

kimpersonate [ -s string | --ccache= string ] [ -s string | --server= string ] [ -c string | --client= string ] [ -k string | --keytab= string ] [ -5 | --krb5 ] [ -A | --add ] [ -R | --referral ] [ -e integer | --expire-time= integer ] [ -a string | --client-address= string ] [ -t string | --enc-type= string ] [ --session-enc-type= string ] [ -f string | --ticket-flags= string ] [ --verbose ] [ --version ] [ --help ]

DESCRIPTION

The kimpersonate program creates a "fake" ticket using the service-key of the service and stores it in the given (or default) ccache. This is useful for testing. The service key can be read from a Kerberos 5 keytab or AFS KeyFile. Supported options:

--ccache= string

ccache into which to store the ticket

-s string , --server= string

name of server principal

-c string , --client= string

name of client principal

-k string , --keytab= string

name of keytab file

-5 , --krb5

create a Kerberos 5 ticket

-A , --add

don’t re-initialize the ccache, instead add the ticket to an existing ccache.

-R , --referral

simulate a referrals-based KDC client by storing two entries, one with the empty realm for the service principal name.

-e integer , --expire-time= integer

lifetime of ticket in seconds

-a string , --client-address= string

address of client

-t string , --enc-type= string

encryption type (defaults to "aes256-cts-hmac-sha1-96")

--session-enc-type= string

session encryption type (defaults to enc-type or "des-cbc-crc" for afs service tickets)

-f string , --ticket-flags= string

ticket flags for krb5 ticket

--verbose

Verbose output

--version

Print version

--help
FILES

Uses /etc/krb5.keytab, and /usr/afs/etc/KeyFile when available and the -k option is used with an appropriate prefix.

EXAMPLES

kimpersonate can be used in samba root preexec option or for debugging. kimpersonate -s host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5 will create a Kerberos 5 ticket for lha@E.KTH.SE for the host hummel.e.kth.se if there exists a keytab entry for it in /etc/krb5.keytab .

In combination with the ktutil command, this is useful for testing. For example,

ktutil -k tkt add -p host/foo.test@TEST -V2 -e aes256-cts-hmac-sha1-96 -r

kimpersonate --cache=tcc -s host/foo.test@TEST -c jdoe@TEST -k tkt --referral

SEE ALSO

kinit (1), klist (1)

AUTHORS

Love Hornquist Astrand <lha@kth.se> Debian September 18, 2006 KIMPERSONATE (8)

---