This section describes your configuration options when loading the AFP module. You can specify most of these options on the standard LOAD AFP command line in AUTOEXEC.NCF. The LOAD command-line syntax for specifying these options is

LOAD AFP options

Table 17. AFP LOAD Command Line Options

Changing the Macintosh User Authentication Method

You can enforce NetWare password encryption on Macintosh clients by loading the AFP module with the ENCRYPT option:

LOAD AFP ENCRYPT

When you set the ENCRYPT option and the NetWare UAM software has not been installed on a Macintosh client, the user will be unable to log in to the server.

The ENCRYPT option causes the AFP module to accept only passwords encrypted by the NetWare User Authentication Method (UAM) software on the Macintosh client. NetWare password encryption represents a significant security enhancement. If your installation is security-conscious, you should use it.

NOTE:  Note that you must install the NetWare UAM software on each Macintosh client to enforce password encryption. Please see the Using the NetWare for Macintosh Client guide for instructions.

When you use the ENCRYPT option, all passwords on Macintosh clients must be encrypted by the NetWare UAM software before being transmitted to the file server. This action prevents a user with packet-analyzer software from detecting a "clear text" AppleShare-style password while it is in transit to the file server on the network cable. (Although AppleShare supports its own "Scrambled" encryption method, the server does not recognize AppleShare's encryption method, so the password defaults to clear text.)

Once you install the NetWare UAM on the Macintosh client, the Macintosh user's login procedure changes in these ways:

Performance Issues: Delaying Macintosh Finder Updates

You can use the DELAY option to specify the number of seconds for the AFP module to delay before informing the Macintosh Finder that a folder's contents have been changed. This option reduces background traffic caused by the default Finder behavior when many Macintosh clients are accessing a common folder hierarchy.

By default, the Finder behaves like this when accessing a file server volume:

• When a Macintosh user changes a folder's contents (for example, by creating or deleting a file), the Finder on that user's Macintosh immediately updates the folder contents to reflect the change.
• The Finder on other Macintosh clients who are working in the same folder delays up to 10 seconds and then updates the folder contents on the other users' screens to reflect the change.

To specify a longer delay for the Finder on other Macintosh clients accessing the same folder, use the command:

LOAD AFP DELAYnnn

nnn is the number of seconds delay (greater than 10). For example, the command line might look like this:

LOAD AFP DELAY30

This command line causes the AFP module to wait thirty seconds before informing the Finder that folder contents have changed. In this case, the other users sharing the same folder do not see an update until (1) they close and reopen the folder window (causing the Finder on their Macintosh to automatically update folder contents), or (2) thirty seconds has elapsed, whichever comes first.

The trade-offs in using the DELAY option are these:

1. If many Macintosh clients access a common folder hierarchy, the DELAY option reduces the amount of background traffic on the network.
2. Macintosh users can be inconvenienced if they are not shown folder changes in a short period of time. For example, users may try to access files that have been deleted but still appear in their version of the folder.

Performance Issues: Changing Cache-Buffer Writes

The NetWare cache-buffer flush mechanism is highly reliable, but it returns disk-write confirmation before it finishes writing the cache-buffer contents to disk. You can force the AFP module to wait for the entire contents to be written to disk by using the IF ("Immediate Flush") option on the LOAD AFP command line. The main benefit of this flag option is increased assurance that users will not lose data in the event of a system crash.

To modify the cache-buffer flush mechanism for AFP logins, use this command:

LOAD AFP IF

When you use this command line, cache buffers will continue to write their data to disk every three seconds (the standard NetWare mechanism), but the AFP module will wait for full disk write confirmation before proceeding.

NOTE:  The use of this option causes a significant performance penalty.

You can limit the number of login sessions the AFP module allows by using the LS option on the LOAD AFP command line. To limit the number of AFP login sessions, use the command:

LOAD AFP LSnnn

nnn is the number of sessions. For example, if you are running the 100-user version of NetWare for Macintosh, you might enter

LOAD AFP LS50

This command line limits the number of sessions to 50. If 50 login sessions are in use and another user attempts to log in, a message appears indicating that the server is not responding or is busy.

You might want to use this option if you have a very large print requirement and expect Macintosh users to require more concurrent print jobs than are currently provided for, or if you are running NetWare applications or NLMs that use AppleTalk connections, but not AFP login sessions.

Protecting the NetWare Name Services Environment

If you are running in a NetWare Name Services (NNS) environment, you can protect the consistency of user passwords in Name Services domains by using the NCPW option on the LOAD AFP command line. This option causes the AFP module to prevent Macintosh users from changing their passwords on the file server. To accomplish this task, use this command:

LOAD AFP NCPW

NOTE:  The Macintosh Chooser does not allow a user to change his or her password when the NetWare UAM is installed. However, only the NCPW option will cause the AFP module to actively prevent passwords from being changed by anyapplication based on AFP.