/

kimpersonate (8) Linux Manual Page

ByLinux Manual Posted on Updated on

kimpersonate – impersonate a user when there exist a srvtab, keyfile or KeyFile

Synopsis

[-s string | –-server= string ] [-c string | –-client= string ] [-k string | –-keytab= string ] [-5 | –krb5 ] [-e integer | –-expire-time= integer ] [-a string | –-client-address= string ] [-t string | –-enc-type= string ] [--session-enc-type= string ] [-f string | –-ticket-flags= string ] [--verbose ] [--version ] [--help ]

Description

The program creates a "fake" ticket using the service-key of the service. The service key can be read from a Kerberos 5 keytab, AFS KeyFile or (if compiled with support for Kerberos 4) a Kerberos 4 srvtab. Supported options:

-s string , –server= string

name of server principal

-c string , –client= string

name of client principal

-k string , –keytab= string

name of keytab file

-5 , –krb5

create a Kerberos 5 ticket

-e integer , –expire-time= integer

lifetime of ticket in seconds

-a string , –client-address= string

address of client

-t string , –enc-type= string

encryption type (defaults to "aes256-cts-hmac-sha1-96")

–session-enc-type= string

session encryption type (defaults to enc-type or "des-cbc-crc" for afs service tickets)

-f string , –ticket-flags= string

ticket flags for krb5 ticket

–verbose

Verbose output

–version

Print version

–help

Files

Uses /etc/krb5.keytab, /etc/srvtab and /usr/afs/etc/KeyFile when available and the –k option is used with an appropriate prefix.

Examples

can be used in samba root preexec option or for debugging. -s host/hummel.e.kth.se [at] E.KTH.SE -c lha [at] E.KTH.SE -5 will create a Kerberos 5 ticket for lha [at] E.KTH.SE for the host hummel.e.kth.se if there exists a keytab entry for it in /etc/krb5.keytab

See Also

kinit(1), klist(1)

Authors

Love Hornquist Astrand <lha [at] kth.se>

Leave a Reply

Your email address will not be published. Required fields are marked *