Enabling clear text passwords in Snow Leopard with AppleScript
Update: It appears that clear text passwords for AFP connections only work when booted into 32 bit mode. I’ve updated the script to check for which kernel the user is booted into. If they are running 64 bit it asks them if they want to switch to 32 bit. If they say “Yes” then it makes the switch and reboots the machine for them.
A nice article explaining how to see if you are running in 32 or 64 bit mode is here at MacObserver.
There is an Apple Knowledge base article dealing with servers but with good information on switching kernels here.
The procedure for enabling clear text passwords for AFP connections is the same in Snow Leopard as it is in Leopard with one very critical difference. The details about how and why are already in my post on Leopard. If you want the background information you should check out that page. This post will only deal with the Snow Leopard-specific changes.
The big change for enabling clear text passwords for Snow Leopard is that the .plist file is now a binary. This is something Apple has been moving towards since 10.4 and there is a built-in utility that allows you to change the format back and forth to allow for easy editing called “plutil”. The full path to it is “/usr/bin/plutil”
The flag we need to be aware of in “plutil” is the “-convert” flag. There are two formats that we’ll use for this flag, “xml1” and “binary1”.
To convert the plist file to XML to allow editing we have to run the following command:
/usr/bin/plutil -convert xml1 /Users/joe/Library/Preferences/com.Apple.AppleShareClient.plist
This will convert the file to XML for editing. Now we will do the actual editing. This line is the same as in Leopard.
defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool YES
Now that we have edited the file we have to convert it back to binary form. So we use the “plutil” tool again with a different format:
/usr/bin/plutil -convert binary1 /Users/joe/Library/Preferences/com.Apple.AppleShareClient.plist
Now the preference file is converted back to binary and can be used by the AFP client.
Here is an updated version of the Leopard AppleScript for changing this setting.
If you would prefer to download a pre-complied script file click below:
Snow Leopard Clear Text Script
[codesyntax lang=”applescript” lines=”no”]
set afp_pref_path to ((POSIX path of (path to preferences from user domain)) & “com.Apple.AppleShareClient.plist”)
set OS_version to (do shell script “sw_vers -productVersion”)
set kernel_answer to “”
--check if the user is running 32 or 64 bit kernel.
if OS_version contains “10.6” then
set kernel_version to (do shell script “/usr/sbin/systemsetup -getkernelbootarchitecturesetting”)
if kernel_version contains “x86_64” then
set kernel_answer to button returned of (display dialog “You are currently running in 64 bit mode. Clear text passwords only work in 32 bit mode. Would you like to change to 32 bit mode? This will require a restart.” buttons {“Yes, change it and restart”, “No, just enable clear text”} default button 1)
end if
end if
try
set clearStatus to (do shell script “defaults read com.Apple.AppleShareClient afp_cleartext_allow”) as number
on error
--the first command will throw an error if the afp_cleartext_allow setting does not exist
--if there is an error we’ll assume that the setting isn’t there and set our variable to the disabled setting
set clearStatus to 0
end try
--a status of “1” means it’s enabled. So ask if they want to disable it
if clearStatus is 1 then
display dialog “Do you want to disable clear text passwords?” buttons {“Cancel”, “Disable”} default button 2
if the button returned of the result is “Disable” then
do shell script “/usr/bin/plutil -convert xml1 ” & afp_pref_path
do shell script “defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool NO”
do shell script “/usr/bin/plutil -convert binary1 ” & afp_pref_path
set clearStatus to (do shell script “defaults read com.Apple.AppleShareClient afp_cleartext_allow”) as number
--check to make sure the change really took effect
if clearStatus is 0 then
display dialog “Clear text passwords have been disabled” buttons {“OK”}
else
display dialog “There was an error disabling clear text passwords!” buttons {“OK”}
end if
end if
else
display dialog “Do you want to enable clear text passwords?” buttons {“Cancel”, “Enable”} default button 2
if the button returned of the result is “Enable” then
do shell script “/usr/bin/plutil -convert xml1 ” & afp_pref_path
do shell script “defaults write com.Apple.AppleShareClient afp_cleartext_allow -bool YES”
do shell script “/usr/bin/plutil -convert binary1 ” & afp_pref_path
set clearStatus to (do shell script “defaults read com.Apple.AppleShareClient afp_cleartext_allow”) as number
--check to make sure the change really took effect
if clearStatus is 1 then
display dialog “Clear text passwords have been enabled” buttons {“OK”}
else
display dialog “There was an error enabling clear text passwords!” buttons {“OK”}
end if
end if
end if
if kernel_answer contains “Yes” then
do shell script “/usr/sbin/systemsetup -setkernelbootarchitecture i386” with administrator privileges
do shell script “/sbin/shutdown -r now” with administrator privileges
end if
[/codesyntax]
webmaster :: Aug.31.2009 :: Applescript, Management, Scripts, Terminal :: 19 Comments »