Dear fellow mac admins,

Over the last couple of days we've seen a sad (but probably sound) development in AFP auto-mounting volumes via script.

macOS security patch 2018-006 has broken most of our nice little auto-mounting scripts for customers, throwing pre-populated login-box rather than mounting the file share and volume.

Prerequisites for this to work has been that the users AFP-credentials has been present in the keychain, which in turn allowed for

#!/bin/sh
open afp://server-fqdn/share

to be run by a script (with some error handling and checking beforehand).

This patch is applied all the way down to macOS 10.12 at least, and the way we're about to circumnavigate it is with by building, signing and TCCing (verb?) a wee .app.

Testing done so far with outcome:

macOS 10.14.1 (18B75):
open afp://server-fqdn/share - without keychain item:
prompted for login.
Arrives at 'Select the volume' window regardless of specified absolute path

open afp://server-fqdn/share - with keychain item:
not prompted for login.
Arives at right volume

macOS 10.12.6 (16G1710) (This is 10.12.6. with 2018-006 applied):
open afp://server-fqdn/share - without keychain item:
prompted for login
Arrives at 'Select the volume' window regardless of specified absolute path

open afp://server-fqdn/share - with keychain item:
prompted for login. Details pre-filled
Arrives at 'Select the volume' window regardless of specified absolute path

macOS 10.14.2 (18C54):
open afp://server-fqdn/share - without keychain item:
prompted for login
Arrives at 'Select the volume' window regardless of specified absolute path

open afp://server-fqdn/share - with keychain item:
prompted for login. Details pre-filled
Arrives at 'Select the volume' window regardless of specified absolute path

Any similar experiences, comments, cooler workarounds than ours?
Happy for any inspiration/feedback.

Thanks!