Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

kimpersonate(8) [debian man page]

KIMPERSONATE(8) 					    BSD System Manager's Manual 					   KIMPERSONATE(8)

NAME

     kimpersonate -- impersonate a user when there exist a srvtab, keyfile or KeyFile

SYNOPSIS

     kimpersonate [-s string | --server=string] [-c string | --client=string] [-k string | --keytab=string] [-5 | --krb5]
		  [-e integer | --expire-time=integer] [-a string | --client-address=string] [-t string | --enc-type=string]
		  [-f string | --ticket-flags=string] [--verbose] [--version] [--help]

DESCRIPTION

     The kimpersonate program creates a "fake" ticket using the service-key of the service.  The service key can be read from a Kerberos 5 keytab,
     AFS KeyFile or (if compiled with support for Kerberos 4) a Kerberos 4 srvtab.  Supported options:

     -s string, --server=string
	     name of server principal

     -c string, --client=string
	     name of client principal

     -k string, --keytab=string
	     name of keytab file

     -5, --krb5
	     create a Kerberos 5 ticket

     -e integer, --expire-time=integer
	     lifetime of ticket in seconds

     -a string, --client-address=string
	     address of client

     -t string, --enc-type=string
	     encryption type

     -f string, --ticket-flags=string
	     ticket flags for krb5 ticket

     --verbose
	     Verbose output

     --version
	     Print version

     --help

FILES

     Uses /etc/krb5.keytab, /etc/srvtab and /usr/afs/etc/KeyFile when available and the -k option is used with an appropriate prefix.

EXAMPLES

     kimpersonate can be used in samba root preexec option or for debugging.  kimpersonate -s host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5
     will create a Kerberos 5 ticket for lha@E.KTH.SE for the host hummel.e.kth.se if there exists a keytab entry for it in /etc/krb5.keytab.

SEE ALSO

     kinit(1), klist(1)

AUTHORS

     Love Hornquist Astrand <lha@kth.se>

Heimdal 							September 18, 2006							   Heimdal

Check Out this Related Man Page

KLIST(1)						      General Commands Manual							  KLIST(1)

NAME

       klist - list cached Kerberos tickets

SYNOPSIS

       klist [-5] [-4] [-e] [[-c] [-f] [-s] [-a  [-n]]] [-k [-t] [-K]] [cache_name | keytab_name]

DESCRIPTION

       Klist lists the Kerberos principal and Kerberos tickets held in a credentials cache, or the keys held in a keytab file.	If klist was built
       with Kerberos 4 support, the default behavior is to list both Kerberos 5 and Kerberos 4 credentials.   Otherwise,  klist  will  default	to
       listing only Kerberos 5 credentials.

OPTIONS

       -5     list Kerberos 5 credentials.  This overrides whatever the default built-in behavior may be.  This option may be used with -4

       -4     list  Kerberos 4 credentials.  This overrides whatever the default built-in behavior may be.  This option is only available if kinit
	      was built with Kerberos 4 compatibility.	This option may be used with -5

       -e     displays the encryption types of the session key and the ticket for each credential in the credential cache,  or	each  key  in  the
	      keytab file.

       -c     List tickets held in a credentials cache.  This is the default if neither -c nor -k is specified.

       -f     shows the flags present in the credentials, using the following abbreviations:

		   F	Forwardable
		   f	forwarded
		   P	Proxiable
		   p	proxy
		   D	postDateable
		   d	postdated
		   R	Renewable
		   I	Initial
		   i	invalid

       -s     causes  klist  to  run  silently (produce no output), but to still set the exit status according to whether it finds the credentials
	      cache.  The exit status is `0' if klist finds a credentials cache, and `1' if it does not.

       -a     display list of addresses in credentials.

       -n     show numeric addresses instead of reverse-resolving addresses.

       -k     List keys held in a keytab file.

       -t     display the time entry timestamps for each keytab entry in the keytab file.

       -K     display the value of the encryption key in each keytab entry in the keytab file.

       If cache_name or keytab_name is not specified, klist will display the credentials in the default credentials cache or keytab file as appro-
       priate.	If the KRB5CCNAME environment variable is set, its value is used to name the default ticket cache.

ENVIRONMENT

       Klist uses the following environment variables:

       KRB5CCNAME      Location of the Kerberos 5 credentials (ticket) cache.

       KRBTKFILE      Filename of the Kerberos 4 credentials (ticket) cache.

FILES

       /tmp/krb5cc_[uid]  default location of Kerberos 5 credentials cache ([uid] is the decimal UID of the user).

       /tmp/tkt[uid]  default location of Kerberos 4 credentials cache ([uid] is the decimal UID of the user).

       /etc/krb5.keytab
		      default location for the local host's keytab file.

SEE ALSO

       kinit(1), kdestroy(1), krb5(3)

																	  KLIST(1)
Man Page