Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.5: Connect to AFP shares with unencrypted passwords Network
One of the differences between Tiger and Leopard is that the former had an Options action in the login pane that allowed users to choose to connect to AFP shares with clear text (unencrypted) passwords. This option is missing from the Leopard AFP connection pane.

Unfortunately, many Appleshare servers only support clear text passwords -- for instance, the Qnap TS-109 NAS, which has an implementation of netatalk built in to it. Luckily, until the server supports connections with encrypted passwords, it is possible to configure Leopard to support clear text passwords.

To do so, disconnect from any AFP shares you are using, then navigate to ~/Library » Preferences » com.apple.AppleShareClient.plist. Double-click on the file to open the Property List Editor, which is part of the Developer Tools (the editor from the 10.4 tools works fine). Then just change the values of the keys afp_cleartext_allow and afp_cleartext_warn to Yes from their default value of No. Close the file, restart, and the next time you connect to an Appleshare server that only supports unencrypted passwords, you'll be able to do so.

It is also possible to edit these keys using the defaults system. The commands to do that, in Terminal, are:
$ defaults write com.apple.AppleShareClient "afp_cleartext_allow" -bool YES
$ defaults write com.apple.AppleShareClient "afp_cleartext_warn" -bool YES
[robg adds: I haven't tested this one.]
    •    
  • Currently 1.67 / 5
  You rated: 2 / 5 (6 votes cast)
 
[30,330 views]  

10.5: Connect to AFP shares with unencrypted passwords | 4 comments | Create New Account
Click here to return to the '10.5: Connect to AFP shares with unencrypted passwords' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: Connect to AFP shares with unencrypted passwords
Authored by: andya on Nov 06, '07 08:23:11AM
i don't think you're getting a secure connection by changing to "NO" for the "afp_cleartext_allow" default. i'm on a 10.5 client connecting to a 10.4 server. clients connected to the server show up in Server Admin with their user name and address in the AFP connected users pane. if the address is the DNS name of the server, they have connected securely, if its the DNS name of their client machine, its not secure. when i changed "afp_cleartext_allow" to NO, "afp_cleartext_warn" to YES and even added the following:
$ defaults write com.apple.AppleShareClient "afp_ssh_allow" -bool YES
i do NOT get a secure connection, nor a warning that i'm sending clear text. here's the relevant parts of my defaults read:

"afp_cleartext_allow" = 0;

"afp_cleartext_warn" = 1;

"afp_ssh_allow" = 1;

i haven't rolled out 10.5 to my users yet, nor got a hold of my 10.5 server copies, but i won't be doing so until this is fixed.

[ Reply to This | # ]
SSH and cleartext are not opposites
Authored by: timkingman on Nov 06, '07 02:31:51PM
Your first sentence is absolutely correct. Getting a secure connection and setting cleartext_allow to NO are not related. If you have cleartext_warn and cleartext_allow turned on, you will get warned if your password is going to be sent in clear text. This is not the opposite of connecting over SSH. All Apple AFP servers and properly-configured netatalk AFP servers will use "secure" authentication mechanisms, whether or not the entire connection is tunneled through SSH.

The problem you're actually seeing is separate and unrelated, and I think I see the same thing, where my 10.5 client isn't making an SSH/secure AFP connection to my 10.4 server, but that doesn't necessarily mean the password is sent in the clear.

[ Reply to This | # ]

10.5: Connect to AFP shares with unencrypted passwords
Authored by: escottf on Nov 06, '07 09:53:36AM

This works fine - our servers (and I'd imagine many more older servers) need plain text passwords and the server logins would error if this hack was not done.

We tried it last week after seeing it on another bulletin board and it works fine.

You may need a plist editor of some sort.

Now we just have to get Leopard to see the AppleShare zones!

---
Scott Fannen



[ Reply to This | # ]
10.5: Connect to AFP shares with unencrypted passwords
Authored by: stephendv on Nov 20, '07 02:22:02PM

Editing the file worked fine, but using the defaults command did not.



[ Reply to This | # ]