Lion Server: AFP users unable to authenticate with Kerberos after upgrading


After upgrading to Lion Server, AFP clients may no longer be able to authenticate via Kerberos. The AFP service may be referencing the LKDC.


  1. On the AFP server, execute the following command in Terminal using the correct Kerberos REALM_NAME and a user account authorized to make changes in the Kerberos database:

    sudo sso_util configure -r REALM_NAME -a diradmin afp

    Note:  You will be prompted for two passwords. First, for the current user's password, and then for the directory administrator's password.
  2. Restart the server.
Last Modified: Jul 28, 2011
Not helpful Somewhat helpful Helpful Very helpful Solved my problem
Print this page
  • Last Modified: Jul 28, 2011
  • Article: TS2938
  • Views:

  • Rating:
    • 59.0

    (543 Responses)

Additional Product Support Information

Start a Discussion
in Apple Support Communities
See all questions on this article See all questions I have asked