Connecting to legacy AFP services
Learn how to enable legacy authentication methods for the AFP client in OS X Lion or Mountain Lion so that you can connect to older AFP servers.
Lion Server, OS X Server (Mountain Lion), OS X Mountain Lion, OS X Lion
Older, less secure authentication methods are not enabled by default in OS X Lion and Mountain Lion. You can enable one or more of these methods to support legacy devices or protocols by following these steps:
- Open Terminal.
- Execute the following commands:
sudo chmod o+w /Library/Preferences
sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 1
- Make an AFP connection to another system so that the AFP Client preference file will be filled in with the default set of values. Note: You must connect as a registered user, not as a guest.
- Execute the following command to see a list of the disabled User Authentication Methods (UAMs)
defaults read /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams
By default the disabled UAMs are "Cleartxt Passwrd", "MS2.0", "2-Way Randnum exchange", and "DHCAST128". Note: If you don't see a list, restart your computer and repeat step 3.
- To enable one of these UAMs, remove it from the list of disabled UAMs. For example, this command enables DHCAST128 by removing it from the list of disabled authentication methods:
sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array "Cleartxt Passwrd" "MS2.0" "2-Way Randnum exchange"
- After the desired changes have been made, restore the permissions on the Preferences folder with this command:
sudo chmod o-w /Library/Preferences
If you want to undo the changes described above, you can either delete the /Library/Preferences/com.apple.AppleShareClient file or use the following command to re-disable the default set of older UAMs:
sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array "Cleartxt Passwrd" "MS2.0" "2-Way Randnum exchange" "DHCAST128"