Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
KIMPERSONATE(8)		    System Manager's Manual	       KIMPERSONATE(8)

NAME
       kimpersonate  --	 impersonate a user when there exist a keyfile or Key-
       File

SYNOPSIS
       kimpersonate	   [-s	      string	    |	      --ccache=string]
		    [-s		  string	   |	      --server=string]
		    [-c		 string		  |	      --client=string]
		    [-k	 string	 | --keytab=string] [-5	| --krb5] [-A |	--add]
		    [-R	| --referral]  [-e  integer  |	--expire-time=integer]
		    [-a	       string	     |	      --client-address=string]
		    [-t		 string		 |	    --enc-type=string]
		    [--session-enc-type=string]
		    [-f	   string    |	  --ticket-flags=string]   [--verbose]
		    [--version]	[--help]

DESCRIPTION
       The kimpersonate	program	creates	a "fake" ticket	using the  service-key
       of the service and stores it in the given (or default) ccache.  This is
       useful  for  testing.   The  service  key can be	read from a Kerberos 5
       keytab or AFS KeyFile.  Supported options:

       --ccache=string
	       ccache into which to store the ticket

       -s string, --server=string
	       name of server principal

       -c string, --client=string
	       name of client principal

       -k string, --keytab=string
	       name of keytab file

       -5, --krb5
	       create a	Kerberos 5 ticket

       -A, --add
	       don't re-initialize the ccache, instead add the	ticket	to  an
	       existing	ccache.

       -R, --referral
	       simulate	 a  referrals-based KDC	client by storing two entries,
	       one with	the empty realm	for the	service	principal name.

       -e integer, --expire-time=integer
	       lifetime	of ticket in seconds

       -a string, --client-address=string
	       address of client

       -t string, --enc-type=string
	       encryption type (defaults to "aes256-cts-hmac-sha1-96")

       --session-enc-type=string
	       session encryption type (defaults to enc-type or	 "des-cbc-crc"
	       for afs service tickets)

       -f string, --ticket-flags=string
	       ticket flags for	krb5 ticket

       --verbose
	       Verbose output

       --version
	       Print version

       --help

FILES
       Uses  /etc/krb5.keytab, and /usr/afs/etc/KeyFile	when available and the
       -k option is used with an appropriate prefix.

EXAMPLES
       kimpersonate can	be used	in samba root preexec option or	for debugging.
       kimpersonate -s host/hummel.e.kth.se@E.KTH.SE -c	lha@E.KTH.SE  -5  will
       create  a  Kerberos  5  ticket  for  lha@E.KTH.SE  for  the  host  hum-
       mel.e.kth.se if there exists a keytab entry for it in /etc/krb5.keytab.

       In combination with the ktutil command, this  is	 useful	 for  testing.
       For example,

       ktutil  -k tkt add -p host/foo.test@TEST	-V2 -e aes256-cts-hmac-sha1-96
       -r

       kimpersonate --cache=tcc	-s  host/foo.test@TEST	-c  jdoe@TEST  -k  tkt
       --referral

SEE ALSO
       kinit(1), klist(1)

AUTHORS
       Love Hornquist Astrand <lha@kth.se>

FreeBSD	Ports 14.quarterly    September	18, 2006	       KIMPERSONATE(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=kimpersonate&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>

home | help