Man page - ksu.heimdal(1)

Packages contains this manual

Package:  heimdal-clients
apt-get install heimdal-clients

Manuals in package:
• kinit.heimdal(1)
• kimpersonate(8)
• ksu.heimdal(1)
• kadmin.heimdal(1)
• string2key(8)
• kpasswd.heimdal(1)
• otpprint(1)
• kgetcred(1)
• kpagsh(1)
• ktutil.heimdal(1)
• afslog(1)
• otp(1)
• verify_krb5_conf(8)
• kf(1)
• kswitch.heimdal(1)
• kdigest(8)
• kdestroy.heimdal(1)
• klist.heimdal(1)
Documentations in package:
• heimdal-clients

Manual

---

SU (1) General Commands Manual SU (1)

NAME

su — substitute user identity

SYNOPSIS

su [ -K | --no-kerberos ] [ -f ] [ -l | --full ] [ -m ] [

-i instance |
--instance= instance ] [
-c command |
--command= command ] [ login [ shell arguments ]]

DESCRIPTION

su will use Kerberos authentication provided that an instance for the user wanting to change effective UID is present in a file named .k5login in the target user id’s home directory

A special case exists where ‘root’s’ ˜/.k5login needs to contain an entry for: ‘user/⟨

instance ⟩ @REALM’ for su to succed (where ⟨ instance⟩ is ‘root’ unless changed with -i ).

In the absence of either an entry for current user in said file or other problems like missing ‘host/hostname@REALM’ keys in the system’s keytab, or user typing the wrong password, su will fall back to traditional /etc/passwd authentication.

When using /etc/passwd authentication, su allows ‘root’ access only to members of the group ‘wheel’, or to any user (with knowledge of the ‘root’ password) if that group does not exist, or has no members.

The options are as follows:

-K , --no-kerberos don’t use Kerberos.

-f don’t read .cshrc.

-l , --full simulate full login.

-m leave environment unmodified.

-i instance , --instance= instance root instance to use.

-c command , --command= command command to execute. HEIMDAL January 12, 2006 SU (1)

---