Viewing 1 post (of 1 total)
  • Author
    Posts
  • #355354
    gatorparrots
    Participant

    In our attempts to secure our OS X 10.1.5 (non-Server version)-based mailserver, I shut off AFP (at both the firewall and daemon levels). However, before doing so I read the default configuration settings and compared them to my 10.2 (non-Server version) machine:

    niutil -read . /config/AppleFileServer

    10.1.5:

    name: AppleFileServer
    auto_restart: 0
    guest_access: 0
    activity_log_size: 1000
    activity_log_time: 7
    error_log_size: 1000
    error_log_time: 0
    activity_log: 0
    reg_AppleTalk: 1
    use_appletalk: 0
    login_greeting:
    idle_disconnect_OnOff: 0
    idle_disconnect_msg:
    idle_disconnect_time: 10
    idle_disconnect_flag: GuestUsrDisconnect_ON ,RegtdUsrDisconnect_ON ,AdminUsrDisconnect_ON ,OpenFileDisconnect_ON
    client_sleep_OnOff: 1
    send_greeting_once: 0
    logging_attributes: Login_ON,Logout_ON,CreateDir_ON,CreateFile_ON,OpenForkk_ON,Delete_ON
    register_NSL: 1
    login_greeting_time: 0
    use_home_dirs: 0
    allow_root_login: 0
    afp_tcp_port: 548
    tickle_time: 30
    tickle_time_out: 120
    tcp_quantum: 32768
    activity_log_path: /Library/Logs/AppleFileService/AppleFileServiceAccess.log
    error_log_path: /Library/Logs/AppleFileService/AppleFileServiceError.log
    autostart: 0
    afpserver_Threads: 40
    client_sleep_time: 24

    10.2.4:

    idle_disconnect_time: 5
    error_log_size: 1000
    server_stopped_time: 1038366892
    guest_access: 0
    idle_disconnect_flag: GuestUsrDisconnect_ON ,RegtdUsrDisconnect_ON ,AdminUsrDisconnect_ON ,OpenFileDisconnect_ON
    reconnect_flag: all
    send_greeting_once: 0
    logging_attributes: Login_ON,Logout_ON,CreateDir_ON,CreateFile_ON,OpenForkk_ON,Delete_ON
    activity_log_path: /Library/Logs/AppleFileService/AppleFileServiceAccess.log
    afp_tcp_port: 548
    activity_log_time: 7
    activity_log: 0
    tickle_time_out: 120
    autostart: 0
    login_greeting:
    tickle_time: 30
    activity_log_size: 1000
    max_threads: 40
    allow_root_login: 0
    idle_disconnect_OnOff: 0
    idle_disconnect_msg:
    error_log_path: /Library/Logs/AppleFileService/AppleFileServiceError.log
    reconnect_ttl_in_min: 1440
    error_log_time: 0
    ssh_tunnel: 0
    auto_restart: 1
    admin_gets_sp: 0
    permissions_model: classic_permissions
    client_sleep_OnOff: 1
    login_greeting_time: 0
    use_home_dirs: 0
    name: AppleFileServer
    use_appletalk: 0
    special_admin_privs: 0
    reg_AppleTalk: 1
    tcp_quantum: 262144
    register_NSL: 1
    client_sleep_time: 24
    attempt_admin_auth: 1

    These setting defaults make sense for a workstation-class machine in a workgroup environment. However, on a server-class machine, they look very insecure to me (hence the reason I disabled the unnecessary-to-us service).

    Cabbage (or anyone else) – can you comment at all since you own 10.2 Server? Can you do a niutil -read . /config/AppleFileServer and post the results (that is, assuming Server uses the same facility as the standard workstation edition for AppleFileServer configuration)?
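
Added example, not part of the original post: a short Python script that compares two `niutil -read` listings by key rather than by line, since the two dumps in the post list their properties in a different order. The embedded text is an excerpt of the post's two listings; the function names are this example's own.

```python
# Added example: order-independent diff of two `niutil -read` property dumps.
# Sample text below is an excerpt of the 10.1.5 and 10.2.4 listings in the post.
V10_1_5 = """\
name: AppleFileServer
auto_restart: 0
login_greeting:
idle_disconnect_time: 10
allow_root_login: 0
tcp_quantum: 32768
afpserver_Threads: 40
"""
V10_2_4 = """\
idle_disconnect_time: 5
login_greeting:
max_threads: 40
allow_root_login: 0
ssh_tunnel: 0
auto_restart: 1
name: AppleFileServer
tcp_quantum: 262144
attempt_admin_auth: 1
"""

def parse_niutil(text):
    """Parse 'key: value' lines into a dict; a property may have an empty value."""
    props = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not a property line: {line!r}")
        props[key.strip()] = value.strip()
    return props

def diff_props(old, new):
    """Return (added, removed, changed) between two property dicts."""
    added = {k: new[k] for k in new.keys() - old.keys()}
    removed = {k: old[k] for k in old.keys() - new.keys()}
    changed = {k: (old[k], new[k])
               for k in old.keys() & new.keys() if old[k] != new[k]}
    return added, removed, changed

if __name__ == "__main__":
    result = diff_props(parse_niutil(V10_1_5), parse_niutil(V10_2_4))
    for label, props in zip(("added", "removed", "changed"), result):
        for key in sorted(props):
            print(f"{label:8} {key}: {props[key]}")
```

To compare full dumps, save each machine's `niutil -read . /config/AppleFileServer` output to a file and pass the file contents to `parse_niutil`.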
