Updated: 2021/Apr/14

KIMPERSONATE(8)             System Manager's Manual            KIMPERSONATE(8)

     kimpersonate - impersonate a user when there exist a keyfile or KeyFile

     kimpersonate [-s string | --ccache=string] [-s string | --server=string]
                  [-c string | --client=string] [-k string | --keytab=string]
                  [-5 | --krb5] [-A | --add] [-R | --referral]
                  [-e integer | --expire-time=integer]
                  [-a string | --client-address=string]
                  [-t string | --enc-type=string] [--session-enc-type=string]
                  [-f string | --ticket-flags=string] [--verbose] [--version]

     The kimpersonate program creates a "fake" ticket using the service-key of
     the service and stores it in the given (or default) ccache.  This is
     useful for testing.  The service key can be read from a Kerberos 5 keytab
     or AFS KeyFile.  Supported options:

             ccache into which to store the ticket

     -s string, --server=string
             name of server principal

     -c string, --client=string
             name of client principal

     -k string, --keytab=string
             name of keytab file

     -5, --krb5
             create a Kerberos 5 ticket

     -A, --add
             don't re-initialize the ccache, instead add the ticket to an
             existing ccache.

     -R, --referral
             simulate a referrals-based KDC client by storing two entries, one
             with the empty realm for the service principal name.

     -e integer, --expire-time=integer
             lifetime of ticket in seconds

     -a string, --client-address=string
             address of client

     -t string, --enc-type=string
             encryption type (defaults to "aes256-cts-hmac-sha1-96")

             session encryption type (defaults to enc-type or "des-cbc-crc"
             for afs service tickets)

     -f string, --ticket-flags=string
             ticket flags for krb5 ticket

             Verbose output

             Print version


     Uses /etc/krb5.keytab, and /usr/afs/etc/KeyFile when available and the -k
     option is used with an appropriate prefix.

     kimpersonate can be used in samba root preexec option or for debugging.
     kimpersonate -s host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5 will
     create a Kerberos 5 ticket for lha@E.KTH.SE for the host hummel.e.kth.se
     if there exists a keytab entry for it in /etc/krb5.keytab.

     In combination with the ktutil command, this is useful for testing.  For

     ktutil -k tkt add -p host/foo.test@TEST -V2 -e aes256-cts-hmac-sha1-96 -r

     kimpersonate --cache=tcc -s host/foo.test@TEST -c jdoe@TEST -k tkt

     kinit(1), klist(1)

     Love Hornquist Astrand <lha@kth.se>

NetBSD 9.99                   September 18, 2006                   NetBSD 9.99