| KIMPERSONATE(8) | System Manager's Manual | KIMPERSONATE(8) | 
NAME
 kimpersonate — impersonate a user when there exist a keyfile or KeyFile
SYNOPSIS
| kimpersonate | [-s string | --ccache=string] [-s string | --server=string] [-c string | --client=string] [-k string | --keytab=string] [-5 | --krb5] [-A | --add] [-R | --referral] [-e integer | --expire-time=integer] [-a string | --client-address=string] [-t string | --enc-type=string] [--session-enc-type=string] [-f string | --ticket-flags=string] [--verbose] [--version] [--help] | 
 
DESCRIPTION
 The 
kimpersonate program creates a "fake" ticket using the service-key of the service and stores it in the given (or default) ccache.  This is useful for testing. The service key can be read from a Kerberos 5 keytab or AFS KeyFile. Supported options:
- 
--ccache=string
- 
ccache into which to store the ticket
- 
-s string, --server=string
- 
name of server principal
- 
-c string, --client=string
- 
name of client principal
- 
-k string, --keytab=string
- 
name of keytab file
- 
-5, --krb5
- 
create a Kerberos 5 ticket
- 
-A, --add
- 
don't re-initialize the ccache, instead add the ticket to an existing ccache.
- 
-R, --referral
- 
simulate a referrals-based KDC client by storing two entries, one with the empty realm for the service principal name.
- 
-e integer, --expire-time=integer
- 
lifetime of ticket in seconds
- 
-a string, --client-address=string
- 
address of client
- 
-t string, --enc-type=string
- 
encryption type (defaults to "aes256-cts-hmac-sha1-96")
- 
--session-enc-type=string
- 
session encryption type (defaults to enc-type or "des-cbc-crc" for afs service tickets)
- 
-f string, --ticket-flags=string
- 
ticket flags for krb5 ticket
- 
--verbose
- 
Verbose output
- 
--version
- 
Print version
- 
--help
- 
 
FILES
 Uses /etc/krb5.keytab, and /usr/afs/etc/KeyFile when available and the -k option is used with an appropriate prefix.
EXAMPLES
 kimpersonate can be used in 
samba root preexec option or for debugging. 
kimpersonate -s host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5 will create a Kerberos 5 ticket for lha@E.KTH.SE for the host hummel.e.kth.se if there exists a keytab entry for it in 
/etc/krb5.keytab.
In combination with the ktutil command, this is useful for testing.  For example,
ktutil -k tkt add -p host/foo.test@TEST -V2 -e aes256-cts-hmac-sha1-96 -r
kimpersonate --cache=tcc -s host/foo.test@TEST -c jdoe@TEST -k tkt --referral
 
AUTHORS
 Love Hornquist Astrand <lha@kth.se>