Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Enabling root login via AppleTalk Filing Protocol Network
ApleTalk Filing Protocol (AFP) root login can make it more convenient to remotely administer OS X boxes.

There's a property in NetInfo, found in the path config -> AppleFileServer -> allow_root_login, which serves this very purpose, and which is set to 0 by default. You can set it remotely to 1 locally using NetInfo Manager (or remotely using niutil; you need to kill and restart the AppleFileServer process for the change to take effect).

[Editor's note: I would imagine this is set to off by default as enabling root login via AFP does present some security issues if your root password is ever compromised. A hacker that discovers the root password will have the ability to login remotely at the root level. With the switch in its default setting, the hacker would need physical access to the machine in addition to the root password. So by changing the switch setting, keep in mind you are removing one layer of security ... at least, that's my view of it. Someone please correct me if I'm wrong.]
    •    
  • Currently 2.25 / 5
  You rated: 3 / 5 (4 votes cast)
 
[5,863 views]  

Enabling root login via AppleTalk Filing Protocol | 4 comments | Create New Account
Click here to return to the 'Enabling root login via AppleTalk Filing Protocol' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
System Administrator login
Authored by: mattriley on Jan 10, '02 06:07:32PM

I manage a couple OSXS boxes and I must say that the lack of direct root login via afp is probably a good thing. I like security as much as the next guy...

However, there are some interesting things to note. For instance, I can log into an OSXS version 1.2 box over afp using "root" just fine. But it's vastly different from the OS X most of us know and love.

However, while you can't use "root" as the user name to login via afp on the latest versions of OSXS (versions 10.0.x through 10.1.x), you can use "System Administrator" and then supply the root password.

Having root access via afp is good for control freaks such as myself. With it, you can easily modify things such as folder permissions that you otherwise wouldn't be able to using a regular admin account. Very handy.

Just thought I'd point this out, since no one has yet commented on this hint.



[ Reply to This | # ]
Crash when uploading
Authored by: pecetta on Jan 23, '02 06:43:27AM

Hello, I'm using Mac OS 9 clients on different computers and operating systems, connecting them to a Mac OS X server without TCP/IP and setting the X server Appletalk protocol as described in your post
above.

Well i can copy from the OS X server to all Classic clients all kind of files or folder, (also GBytes of those files) but i can't copy from the server to the client via Appletalk, because everytime i try it, the finder copy freeze.

This Finder copy frozing happens with every tcp/ip option available on Mac OS 9, also switching from ethernet to appletalk.

Please note that the time clock of the client computer still continue to run, and i can use the client working on it with every other program, but every copy process freeze.

Also re-loging in the OS X server i can't delete the files i was copying to the server, because it says that those files are in use, (the last file i was copyng).

Any idea? How can backup the files I.E. booting with an OS 9 CD on a damaged computer?



[ Reply to This | # ]
Enabling root login via AppleTalk Filing Protocol
Authored by: Dougb on May 04, '05 09:55:55PM

Does anyone know where this has moved in Tiger??
Thanks for any help



[ Reply to This | # ]
Enabling root login via AppleTalk Filing Protocol
Authored by: gregoryh on Sep 02, '05 11:40:50AM

Not anymore on NetInfo
On OS X Server 10.4.2 you have to modify this file:
/Library/Preferences/com.apple.AppleFileServer.plist
Open the file with "Property List Editor"(found on devTools) and then change
Root->allowRootLogin to Yes
VoilĂ  !



[ Reply to This | # ]