SU(1) | General Commands Manual | SU(1) |
su
— substitute
user identity
su |
[-K | --no-kerberos ]
[-f ] [-l |
--full ] [-m ]
[-i instance |
--instance= instance]
[-c command |
--command= command]
[login [shell arguments]] |
su
will use Kerberos authentication
provided that an instance for the user wanting to change effective UID is
present in a file named .k5login in the target user
id's home directory
A special case exists where
‘root's
’
~/.k5login needs to contain an entry for:
‘user/⟨instance⟩@REALM
’
for su
to succed (where ⟨instance⟩ is
‘root
’ unless changed with
-i
).
In the absence of either an entry for current user in said file or
other problems like missing
‘host/hostname@REALM
’ keys in the
system's keytab, or user typing the wrong password,
su
will fall back to traditional
/etc/passwd authentication.
When using /etc/passwd authentication,
su
allows
‘root
’ access only to members of the
group ‘wheel
’, or to any user (with
knowledge of the ‘root
’ password) if
that group does not exist, or has no members.
The options are as follows:
January 12, 2006 | HEIMDAL |