I can't seem to recall why, but last week a port I was trying to install depended on the heimdal port. So I installed it and went on my merry way ... until today that is, when I ended up doing this for: $ sudo su - postgres81 Whoops! That "su" is not the "su" you might be thinking of. That "su" is: /path/to/macports/bin/su as in /opt/local/bin/su installed by the heimdal port. Yikes! More than one su to choose from? Could be scary for the unaware! The problem is that by default the Heimdal "su" wants to use Kerberos so it stops and asks you ( even though you've first sudo'ed to root using Apple's "sudo") what is the password for the user you're su'ing to (in the case above postgres81). If you don't have kerberos running then it will complain but will then revert to your local NetInfo domain (or I presume Open Directory or LDAP) for accessing passwords. Regarding not having kerberos running, no problem, the Heimdal man page says you can disable the default kerberos check with a "-K" but that would then mean that you'd have to do "su -K postgresql81", and that would mean you'd have to manually modify startup scripts such as that used by the postgres81 user for firing up PostgreSQL 8.1.x that its launchd plist in /Library/LaunchDaemons points to. It might be worth the extra manual work but it probably depends on your needs. Yeah, there are other ways to force use of /usr/bin/su but anyway, the Heimdal cloaking of su threw me off today so I thought I'd warn others ahead of time in case there are some ports that depend on Heimdal and you end up installing (without deactivating) Heimdal in the process. BTW, absolutely no offense meant toward Landon who maintains the Heimdal MacPort. Best regards, T.M.