Connecting to legacy AFP services

Learn how to enable legacy authentication methods for the AFP client in OS X Lion or later, so that you can connect to older AFP servers.

This article has been archived and is no longer updated by Apple.

Older, less secure authentication methods are not enabled by default in OS X Lion and later. You can enable one or more of these methods to support legacy devices or protocols by following these steps:

1. Open Terminal.

2. Execute the following commands:

sudo chmod o+w /Library/Preferences
sudo defaults write /Library/Preferences/ afp_host_prefs_version -int 1

3. Make an AFP connection to another system so that the AFP Client preference file will be filled in with the default set of values. Note: You must connect as a registered user, not as a guest.

4. Execute the following command to see a list of the disabled User Authentication Methods (UAMs):

defaults read /Library/Preferences/ afp_disabled_uams

5. By default the disabled UAMs are "Cleartxt Passwrd", "MS2.0", "2-Way Randnum exchange", and "DHCAST128". Note: If you don't see a list, restart your computer and repeat step 3.

6. To enable one of these UAMs, remove it from the list of disabled UAMs. For example, this command enables DHCAST128 by removing it from the list of disabled authentication methods:

sudo defaults write /Library/Preferences/ afp_disabled_uams -array "Cleartxt Passwrd" "MS2.0" "2-Way Randnum exchange"

7. After the desired changes have been made, restore the permissions on the Preferences folder with this command:

sudo chmod o-w /Library/Preferences

Learn more

If you want to undo the changes described above, you can either delete the /Library/Preferences/ file or use the following command to re-disable the default set of older UAMs:

sudo defaults write /Library/Preferences/ afp_disabled_uams -array "Cleartxt Passwrd" "MS2.0" "2-Way Randnum exchange" "DHCAST128"
Published Date: