heimdal-su man page
su — substitute user identity
|su|| [-K | --no-kerberos] [-f] [-l | --full] [-m] [-i |
su will use Kerberos authentication provided that an instance for the user wanting to change effective UID is present in a file named
.k5login in the target user id's home directory
A special case exists where ‘
~/.k5login needs to contain an entry for: ‘
user/⟨instance⟩@REALM’ for su to succed (where ⟨instance⟩ is ‘
root’ unless changed with -i).
In the absence of either an entry for current user in said file or other problems like missing ‘
host/hostname@REALM’ keys in the system's keytab, or user typing the wrong password, su will fall back to traditional
/etc/passwd authentication, su allows ‘
root’ access only to members of the group ‘
wheel’, or to any user (with knowledge of the ‘
root’ password) if that group does not exist, or has no members.
The options are as follows:
- -K, --no-kerberos don't use Kerberos.
- -f don't read .cshrc.
- -l, --full simulate full login.
- -m leave environment unmodified.
instanceroot instance to use.
commandcommand to execute.