Be alert for the heimdal port's instance of "su"

[Tabitha McNerney]

I can't seem to recall why, but last week a port I was trying to install
depended on the heimdal port. So I installed it and went on my merry way ...
until today that is, when I ended up doing this for:

$ sudo su - postgres81

Whoops! That "su" is not the "su" you might be thinking of. That "su" is:

/path/to/macports/bin/su as in /opt/local/bin/su

installed by the heimdal port.

Yikes! More than one su to choose from? Could be scary for the unaware!

The problem is that by default the Heimdal "su" wants to use Kerberos so it
stops and asks you ( even though you've first sudo'ed to root using Apple's
"sudo") what is the password for the user you're su'ing to (in the case
above postgres81). If you don't have kerberos running then it will complain
but will then revert to your local NetInfo domain (or I presume Open
Directory or LDAP) for accessing passwords.

Regarding not having kerberos running, no problem, the Heimdal man page says
you can disable the default kerberos check with a "-K" but that would then
mean that you'd have to do "su -K postgresql81", and that would mean you'd
have to manually modify  startup scripts such as that used by the postgres81
user for firing up PostgreSQL 8.1.x that its launchd plist in
/Library/LaunchDaemons points to. It might be worth the extra manual work
but it probably depends on your needs. Yeah, there are other ways to force
use of /usr/bin/su but anyway, the Heimdal cloaking of su threw me off today
so I thought I'd warn others ahead of time in case there are some ports that
depend on Heimdal and you end up installing (without deactivating) Heimdal
in the process.

BTW, absolutely no offense meant toward  Landon who maintains the Heimdal
MacPort.

Best regards,

T.M.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/macports-users/attachments/20070416/e5a53f5a/attachment.html