patmut |
11-14-2012 06:54 AM |
Kerberos displays username in cleartext while logging to Active Directory, is it ok?
I'm working on a Linux integration project into Active Directory for our business organization. The Linux clients are RHEL 5/6 and the AD is running MS Windows 2008. Among multiple options, I'm ok with the Winbind/Kerberos option. I've set up the my lab environment and now the Linux systems can authenticate AD users. Before exporting the solution to the production environment, I wanted to have a look on the authentication traffic when I've noticed that every time a client initiates a authentication request to the AD, the username is transmitted in clear text within the Kerberos AS-REQ packet. Is it normal behavior of the Kerberos protocol or should I expect that the username be also encrypted?
|