Enabling root login via AppleTalk Filing Protocol

Jan 10, '02 02:36:29PM

Contributed by: Anonymous

ApleTalk Filing Protocol (AFP) root login can make it more convenient to remotely administer OS X boxes.

There's a property in NetInfo, found in the path config -> AppleFileServer -> allow_root_login, which serves this very purpose, and which is set to 0 by default. You can set it remotely to 1 locally using NetInfo Manager (or remotely using niutil; you need to kill and restart the AppleFileServer process for the change to take effect).

[Editor's note: I would imagine this is set to off by default as enabling root login via AFP does present some security issues if your root password is ever compromised. A hacker that discovers the root password will have the ability to login remotely at the root level. With the switch in its default setting, the hacker would need physical access to the machine in addition to the root password. So by changing the switch setting, keep in mind you are removing one layer of security ... at least, that's my view of it. Someone please correct me if I'm wrong.]

Comments (4)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20020110143629681