KIMPERSONATE(8) |
FreeBSD System Manager's Manual |
KIMPERSONATE(8) |
NAME
kimpersonate —
impersonate a user when there exist a srvtab, keyfile or KeyFile
SYNOPSIS
kimpersonate |
[ -s string | --server=string][ -c string | --client=string][ -k string | --keytab=string][ -5 | --krb5][ -e integer | --expire-time=integer][ -a string | --client-address=string][ -t string | --enc-type=string][ -f string | --ticket-flags=string][ --verbose][ --version][ --help] |
DESCRIPTION
The
kimpersonate program creates a "fake" ticket using the service-key of the service. The service key can be read from a Kerberos 5 keytab, AFS KeyFile or (if compiled with support for Kerberos 4) a Kerberos 4 srvtab. Supported options:
-
-s
string,
-
-server=
string
-
name of server principal
-
-c
string,
-
-client=
string
-
name of client principal
-
-k
string,
-
-keytab=
string
-
name of keytab file
-
-5,
-
-krb5
-
create a Kerberos 5 ticket
-
-e
integer,
-
-expire-time=
integer
-
lifetime of ticket in seconds
-
-a
string,
-
-client-address=
string
-
address of client
-
-t
string,
-
-enc-type=
string
-
encryption type
-
-f
string,
-
-ticket-flags=
string
-
ticket flags for krb5 ticket
-
-
-verbose
-
Verbose output
-
-
-version
-
Print version
-
-
-help
-
FILES
Uses
/etc/krb5.keytab,
/etc/srvtab and
/usr/afs/etc/KeyFile when available and the
-k option is used with an appropriate prefix.
EXAMPLES
kimpersonate can be used in
samba root preexec option or for debugging.
kimpersonate -s host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5 will create a Kerberos 5 ticket for lha@E.KTH.SE for the host hummel.e.kth.se if there exists a keytab entry for it in
/etc/krb5.keytab.
AUTHORS
Love Hornquist Astrand <lha@kth.se>