su will use Kerberos authentication provided that an instance for the user wanting to change effective UID is present in a file named
.k5login in the target user id's home directory
A special case exists where ‘
~/.k5login needs to contain an entry for: ‘
user/⟨instance⟩@REALM’ for su to succed (where ⟨instance⟩ is ‘
root’ unless changed with
In the absence of either an entry for current user in said file or other problems like missing ‘
host/hostname@REALM’ keys in the system's keytab, or user typing the wrong password, su will fall back to traditional
/etc/passwd authentication, su allows ‘
root’ access only to members of the group ‘
wheel’, or to any user (with knowledge of the ‘
root’ password) if that group does not exist, or has no members.
The options are as follows:
--no-kerberosdon't use Kerberos.
-fdon't read .cshrc.
--fullsimulate full login.
-mleave environment unmodified.
--instance=instance root instance to use.
--command=command command to execute.