Archived - Lion Server: AFP users unable to authenticate with Kerberos after upgrading

This article has been archived and is no longer updated by Apple.


After upgrading to Lion Server, AFP clients may no longer be able to authenticate via Kerberos. The AFP service may be referencing the LKDC.


  1. On the AFP server, execute the following command in Terminal using the correct Kerberos REALM_NAME and a user account authorized to make changes in the Kerberos database:

    sudo sso_util configure -r REALM_NAME -a diradmin afp

    Note:  You will be prompted for two passwords. First, for the current user's password, and then for the directory administrator's password.
  2. Restart the server.
Last Modified: Sep 24, 2014
  • Last Modified: Sep 24, 2014
  • Article: TS2938
  • Views:


Additional Product Support Information

Start a Discussion
in Apple Support Communities
See all questions on this article See all questions I have asked