Help with Kerberos authentication process

Patrick Mutombo pamutombo at
Wed Nov 14 14:29:20 EST 2012


I'm working on a Linux integration project into Active Directory for my
organization. The Linux clients are RHEL 5/6 and the AD is running MS
Windows 2008. Among multiple options, I'm ok with the Winbind/Kerberos
option. I've set up the my lab environment and now the Linux systems can
authenticate AD users. Before exporting the solution to the production
environment, I wanted to have a look on the authentication traffic with a
packet analyser when I noticed that every time a Linux client initiates an
authentication request to the KDC, the username is transmitted in clear
text within the Kerberos AS-REQ packet. Is it normal behavior of the
Kerberos protocol or should I expect that the username be also hidden?
Any help on this will be highly appreciated.

Best regards,


More information about the Kerberos mailing list