NAME

       su — substitute user identity

SYNOPSIS

       su  [-K  |  --no-kerberos]  [-f]  [-l  |  --full]  [-m] [-i instance | --instance=instance] [-c command |
          --command=command] [login [shell arguments]]

DESCRIPTION

       su will use Kerberos authentication provided that an instance for the user wanting  to  change  effective
       UID is present in a file named .k5login in the target user id's home directory

       A  special  case  exists where ‘root's’ ~/.k5login needs to contain an entry for: ‘user/⟨instance⟩@REALM’
       for su to succed (where ⟨instance⟩ is ‘root’ unless changed with -i).

       In the absence of either an entry  for  current  user  in  said  file  or  other  problems  like  missing
       ‘host/hostname@REALM’  keys  in the system's keytab, or user typing the wrong password, su will fall back
       to traditional /etc/passwd authentication.

       When using /etc/passwd authentication, su allows ‘root’ access only to members of the group  ‘wheel’,  or
       to any user (with knowledge of the ‘root’ password) if that group does not exist, or has no members.

       The options are as follows:

       -K, --no-kerberos don't use Kerberos.

       -f don't read .cshrc.

       -l, --full simulate full login.

       -m leave environment unmodified.

       -i instance, --instance=instance root instance to use.

       -c command, --command=command command to execute.

HEIMDAL                                         January 12, 2006                                           SU(1)