-.\" $OpenBSD: su.1,v 1.28 2010/12/10 19:32:21 millert Exp $
+.\" $OpenBSD: su.1,v 1.29 2014/04/22 12:53:48 henning Exp $
.\"
.\" Copyright (c) 1988, 1990 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" from: @(#)su.1 6.12 (Berkeley) 7/29/91
.\"
-.Dd $Mdocdate: December 10 2010 $
+.Dd $Mdocdate: April 22 2014 $
.Dt SU 1
.Os
.Sh NAME
utility allows a user to run a shell with the user and group ID of another user
without having to log out and in as that other user.
.Pp
-If Kerberos is in use, the password for
-.Ar login
-(or for
-.Dq Ar login Ns /root ,
-if no login is provided) is requested, and
-.Nm
-switches to
-that user and group ID after obtaining a Kerberos ticket granting access.
-A shell is then executed, and any additional
-.Ar "shell arguments"
-after the login name
-are passed to the shell.
-If Kerberos is not configured or if there is a Kerberos error,
-.Nm
-falls back to local password authentication to validate the password for
-.Ar login .
-If
-.Nm
-is executed by root, no password is requested and a shell
-with the appropriate user ID is executed; no additional Kerberos tickets
-are obtained.
-.Pp
By default, the environment is unmodified with the exception of
.Ev LOGNAME ,
.Ev HOME ,
.Dq Pa .cshrc
file.
.It Fl K
-Do not attempt to use Kerberos to authenticate the user.
This is shorthand for
.Dq Nm Fl a Ar passwd ,
provided for backwards compatibility.
projects / openbsd / commitdiff