Manual Pages  — KIMPERSONATE

kimpersonate – impersonate a user when there exist a srvtab, keyfile or KeyFile

SYNOPSIS DESCRIPTION FILES EXAMPLES SEE ALSO AUTHORS

kimpersonate [-s string | -server= string] [-c string | -client= string] [-k string | -keytab= string] [-5 | -krb5] [-e integer | -expire-time= integer] [-a string | -client-address= string] [-t string | -enc-type= string] [-f string | -ticket-flags= string] [-verbose] [-version] [-help]

The kimpersonate program creates a "fake" ticket using the service-key of the service. The service key can be read from a Kerberos 5 keytab, AFS KeyFile or (if compiled with support for Kerberos 4) a Kerberos 4 srvtab. Supported options:

-s string, -server= string
	name of server principal
-c string, -client= string
	name of client principal
-k string, -keytab= string
	name of keytab file
-5 -, -krb5
	create a Kerberos 5 ticket
-e integer, -expire-time= integer
	lifetime of ticket in seconds
-a string, -client-address= string
	address of client
-t string, -enc-type= string
	encryption type
-f string, -ticket-flags= string
	ticket flags for krb5 ticket
-verbose
	Verbose output
-version
	Print version
-help

Uses /etc/krb5.keytab, /etc/srvtab and /usr/afs/etc/KeyFile when available and the -k option is used with an appropriate prefix.

kimpersonate can be used in samba root preexec option or for debugging. kimpersonate -s host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5 will create a Kerberos 5 ticket for lha@E.KTH.SE for the host hummel.e.kth.se if there exists a keytab entry for it in /etc/krb5.keytab.

Love Hornquist Astrand <lha@kth.se>