heimdal-su (1) - Linux Manuals

heimdal-su: substitute user identity

NAME

su - substitute user identity

SYNOPSIS

su [-K | --no-kerberos ] [-f ] [-l | --full ] [-m ] [-i instance | --instance= instance ] [-c command | --command= command ] [login [shell arguments ] ]

DESCRIPTION

su will use Kerberos authentication provided that an instance for the user wanting to change effective UID is present in a file named .k5login in the target user id's home directory

A special case exists where `root' Ap s ~/.k5login needs to contain an entry for: `user' Ns / Ns Ao instance Ac Ns @ Ns REALM for su to succed (where Aq instance is `root' unless changed with -i )

In the absence of either an entry for current user in said file or other problems like missing `host/hostname [at] REALM' keys in the system's keytab, or user typing the wrong password, su will fall back to traditional /etc/passwd authentication.

When using /etc/passwd authentication, su allows `root' access only to members of the group `wheel' , or to any user (with knowledge of the `root' password) if that group does not exist, or has no members.

The options are as follows:

-K
--no-kerberos don't use Kerberos.
-f
don't read .cshrc.
-l
--full simulate full login.
-m
leave environment unmodified.
-i instance
--instance= instance root instance to use.
-c command
--command= command command to execute.