Help with Kerberos authentication process

Greg Hudson ghudson at MIT.EDU
Wed Nov 14 15:05:33 EST 2012

On 11/14/2012 02:29 PM, Patrick Mutombo wrote:
> I noticed that every time a Linux client initiates an
> authentication request to the KDC, the username is transmitted in clear
> text within the Kerberos AS-REQ packet. Is it normal behavior of the
> Kerberos protocol or should I expect that the username be also hidden?
> Any help on this will be highly appreciated.

This is normal.

It is theoretically possible to mask the username in a krb5 request when
using FAST, but we don't have support for it.

More information about the Kerberos mailing list