heimdal-su (1) - Linux Man Pages
heimdal-su: substitute user identity
su - substitute user identity
SYNOPSISsu [-K | --no-kerberos ] [-f ] [-l | --full ] [-m ] [-i instance | --instance= instance ] [-c command | --command= command ] [login [shell arguments ] ]
DESCRIPTIONsu will use Kerberos authentication provided that an instance for the user wanting to change effective UID is present in a file named .k5login in the target user id's home directory
A special case exists where `root' Ap s ~/.k5login needs to contain an entry for: `user' Ns / Ns Ao instance Ac Ns @ Ns REALM for su to succed (where Aq instance is `root' unless changed with -i )
In the absence of either an entry for current user in said file or other problems like missing `host/hostname [at] REALM' keys in the system's keytab, or user typing the wrong password, su will fall back to traditional /etc/passwd authentication.
When using /etc/passwd authentication, su allows `root' access only to members of the group `wheel' , or to any user (with knowledge of the `root' password) if that group does not exist, or has no members.
The options are as follows:
- --no-kerberos don't use Kerberos.
- don't read .cshrc.
- --full simulate full login.
- leave environment unmodified.
- -i instance
- --instance= instance root instance to use.
- -c command
- --command= command command to execute.