.\"	$NetBSD: kimpersonate.8,v 1.7 2023/06/19 21:41:42 christos Exp $
.\"
.\" Copyright (c) 2002 - 2007 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" Id
.\"
.Dd September 18, 2006
.Dt KIMPERSONATE 8
.Os
.Sh NAME
.Nm kimpersonate
.Nd impersonate a user when there exists a keytab or KeyFile
.Sh SYNOPSIS
.Nm
.Op Fl Fl ccache= Ns Ar string
.Op Fl s Ar string \*(Ba Fl Fl server= Ns Ar string
.Op Fl c Ar string \*(Ba Fl Fl client= Ns Ar string
.Op Fl k Ar string \*(Ba Fl Fl keytab= Ns Ar string
.Op Fl 5 | Fl Fl krb5
.Op Fl A | Fl Fl add
.Op Fl R | Fl Fl referral
.Op Fl e Ar integer \*(Ba Fl Fl expire-time= Ns Ar integer
.Op Fl a Ar string \*(Ba Fl Fl client-address= Ns Ar string
.Op Fl t Ar string \*(Ba Fl Fl enc-type= Ns Ar string
.Op Fl Fl session-enc-type= Ns Ar string
.Op Fl f Ar string \*(Ba Fl Fl ticket-flags= Ns Ar string
.Op Fl Fl verbose
.Op Fl Fl version
.Op Fl Fl help
.Sh DESCRIPTION
The
.Nm
program creates a "fake" ticket using the service-key of the service and
stores it in the given (or default) ccache.  This is useful for testing.
The service key can be read from a Kerberos 5 keytab or AFS KeyFile.
Supported options:
.Bl -tag -width Ds
.It Fl Fl ccache= Ns Ar string
ccache into which to store the ticket
.It Fl s Ar string Ns , Fl Fl server= Ns Ar string
name of server principal
.It Fl c Ar string Ns , Fl Fl client= Ns Ar string
name of client principal
.It Fl k Ar string Ns , Fl Fl keytab= Ns Ar string
name of keytab file
.It Fl 5 Ns , Fl Fl krb5
create a Kerberos 5 ticket
.It Fl A Ns , Fl Fl add
don't re-initialize the ccache, instead add the ticket to an existing
ccache.
.It Fl R Ns , Fl Fl referral
simulate a referrals-based KDC client by storing two entries, one with
the empty realm for the service principal name.
.It Fl e Ar integer Ns , Fl Fl expire-time= Ns Ar integer
lifetime of ticket in seconds
.It Fl a Ar string Ns , Fl Fl client-address= Ns Ar string
address of client
.It Fl t Ar string Ns , Fl Fl enc-type= Ns Ar string
encryption type (defaults to "aes256-cts-hmac-sha1-96")
.It Fl Fl session-enc-type= Ns Ar string
session encryption type (defaults to enc-type or "des-cbc-crc" for afs service tickets)
.It Fl f Ar string Ns , Fl Fl ticket-flags= Ns Ar string
ticket flags for krb5 ticket
.It Fl Fl verbose
Verbose output
.It Fl Fl version
Print version
.It Fl Fl help
.El
.Sh FILES
Uses
.Pa /etc/krb5.keytab ,
and
.Pa /usr/afs/etc/KeyFile
when available and the
.Fl k
option is used with an appropriate prefix.
.Sh EXAMPLES
.Nm
can be used in
.Nm samba
root preexec option
or for debugging.
.Nm
-s host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5
will create a Kerberos 5 ticket for lha@E.KTH.SE for the host
hummel.e.kth.se if there exists a keytab entry for it in
.Pa /etc/krb5.keytab .
.Pp
In combination with the
.Nm ktutil
command, this is useful for testing.  For example,
.Pp
.Nm ktutil
-k tkt add -p host/foo.test@TEST -V2 -e aes256-cts-hmac-sha1-96 -r
.Pp
.Nm
--ccache=tcc -s host/foo.test@TEST -c jdoe@TEST -k tkt --referral
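.Pp
Because the ticket is built from nothing more than the service key, read or write access to the files listed under FILES is what decides who can mint tickets for that service. The following shell check is an added example, not part of the Heimdal or NetBSD sources; the function names key_file_status and audit_key_files are hypothetical.

```shell
#!/bin/sh
# Added example: flag service-key files that anyone other than the owner
# can read or write. Function names are hypothetical, not Heimdal's.

# Default paths are the ones listed under FILES in this page.
KEY_FILES="/etc/krb5.keytab /usr/afs/etc/KeyFile"

# key_file_status FILE -> prints one of: missing | not-regular | exposed | ok
key_file_status() {
    f=$1
    if [ ! -e "$f" ] && [ ! -L "$f" ]; then echo missing; return 0; fi
    # A symlink or non-regular file in place of a key file needs a manual look.
    if [ -L "$f" ] || [ ! -f "$f" ]; then echo not-regular; return 0; fi
    # POSIX find: -perm -MODE matches when every bit in MODE is set.
    # Test group/other read and write bits one at a time.
    hit=$(find "$f" -prune \( -perm -040 -o -perm -020 \
                           -o -perm -004 -o -perm -002 \) -print)
    if [ -n "$hit" ]; then echo exposed; else echo ok; fi
}

# audit_key_files [FILE...] -> one status line per file;
# returns 1 if any file is exposed or not-regular, 0 otherwise.
# With no arguments the default KEY_FILES paths are checked.
audit_key_files() {
    [ $# -gt 0 ] || set -- $KEY_FILES
    rc=0
    for f in "$@"; do
        s=$(key_file_status "$f")
        printf '%-12s %s\n' "$s" "$f"
        case $s in exposed|not-regular) rc=1 ;; esac
    done
    return $rc
}
```

Source the file and run audit_key_files, optionally passing the keytab paths used with the -k option.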
.Sh SEE ALSO
.Xr kinit 1 ,
.Xr klist 1
.Sh AUTHORS
Love Hornquist Astrand <lha@kth.se>