10.0 Encryption

  • LDAP over TCP: LDAP communication over the TCP protocol is encrypted GSS-API mechanism.

  • CLDAP: CLDAP communication is not encrypted.

  • Kerberos: All Kerberos packets are encrypted and protected by NICI SDI key in eDirectory.

    Kerberos keys in file (required by Samba and xadsd) are not encrypted.

  • File access over SMB: Any file access through SMB is not encrypted.

  • RPC (over SMB or TCP) : Any remote procedure calls through SMB or TCP mostly encrypted.

  • DNS: Name resolution queries are not encrypted. But dynamic updates are secured by TSIG key encryption.

  • File Replication: Changes to file are replicated to domain controllers using rsynch method via SSH channel.

The NTLM keys are obfuscated with the user's relative identifier (RID) and stored in eDirectory.