10.0 Encryption

  • LDAP over TCP: LDAP communication over TCP is encrypted using the GSS-API (Kerberos) SASL mechanism, which provides integrity and confidentiality once the bind has completed. Traffic sent before, or without, a GSS-API bind is not protected by it.

  • CLDAP: CLDAP communication is not encrypted.

  • Kerberos: All Kerberos packets are encrypted, and the Kerberos keys stored in eDirectory are protected by the NICI SDI key.

    The Kerberos keys kept in files on the domain controller (the keytabs required by Samba and xadsd) are not encrypted, so they rely entirely on file ownership and permissions for protection.

  • File access over SMB: Any file access through SMB is not encrypted.

  • RPC (over SMB or TCP): Most remote procedure calls, whether carried over SMB named pipes or directly over TCP, are encrypted; encryption is not guaranteed for every RPC interface.

  • DNS: Name resolution queries and responses are not encrypted. Dynamic updates are authenticated with a TSIG key: TSIG adds an HMAC computed with a shared secret, so a forged or altered update is rejected, but the update itself still travels in clear text.

  • File Replication: Changes to files are replicated to the other domain controllers with rsync over an SSH channel, so replication traffic is encrypted in transit.
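
The TSIG point above (authentication without confidentiality) is easy to see on the wire. The following is an added Python example, not code from the DSfW product or its documentation; it builds a minimal DNS UPDATE, signs it with a constructed HMAC-SHA256 TSIG key (the key name, secret, zone and host are hypothetical), and shows that a tampered update fails verification while the record content remains readable in the signed message.

```python
"""Added example (not from the DSfW documentation): what a TSIG key does and
does not protect on a DNS dynamic update.

TSIG (RFC 2845, updated by RFC 8945) appends an HMAC over the DNS message and
the TSIG variables. The server can detect forgery or tampering, but the update
content is still readable on the wire. Standard library only; the zone, host,
key name and secret are constructed for this example and do not correspond to
any real deployment.
"""
import hashlib
import hmac
import struct

# Hypothetical TSIG key for this example only.
KEY_NAME = "dsfw-update-key."
KEY_SECRET = b"constructed-secret-for-this-example-only"
ALGORITHM = "hmac-sha256."


def wire_name(name: str) -> bytes:
    """Encode a domain name as uncompressed wire-format labels ending in root."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += struct.pack("!B", len(raw)) + raw
    return out + b"\x00"


def build_update(zone: str, host: str, ipv4: str, msg_id: int = 0x1234) -> bytes:
    """Build a minimal DNS UPDATE (RFC 2136) that adds one A record.

    Header fields: ID, flags with opcode UPDATE (5), ZOCOUNT=1, PRCOUNT=0,
    UPCOUNT=1, ADCOUNT=0 (the TSIG record would be counted here once added).
    """
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 1, 0)
    zone_section = wire_name(zone) + struct.pack("!HH", 6, 1)  # SOA, IN
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    # Update RR: A (1), IN (1), TTL 3600, RDLENGTH, RDATA
    update_rr = wire_name(host) + struct.pack("!HHIH", 1, 1, 3600, len(rdata)) + rdata
    return header + zone_section + update_rr


def tsig_mac(message: bytes, time_signed: int, fudge: int = 300,
             error: int = 0, other: bytes = b"") -> bytes:
    """HMAC over the unsigned message followed by the TSIG variables.

    Per RFC 8945 4.3.3 the variables are: key name (canonical, lowercase),
    CLASS ANY, TTL 0, algorithm name, 48-bit time signed, fudge, error,
    other length and other data.
    """
    variables = (
        wire_name(KEY_NAME.lower())
        + struct.pack("!HI", 255, 0)
        + wire_name(ALGORITHM.lower())
        + struct.pack("!Q", time_signed)[2:]
        + struct.pack("!HHH", fudge, error, len(other))
        + other
    )
    return hmac.new(KEY_SECRET, message + variables, hashlib.sha256).digest()


def tsig_verify(message: bytes, mac: bytes, time_signed: int, fudge: int = 300) -> bool:
    """Server-side check: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(tsig_mac(message, time_signed, fudge), mac)


def demo() -> dict:
    """Sign a constructed update, then show what TSIG catches and what it leaks."""
    zone, host, ip = "example.test.", "ws01.example.test.", "10.0.0.5"
    time_signed = 1_700_000_000
    message = build_update(zone, host, ip)
    mac = tsig_mac(message, time_signed)

    # An on-path attacker rewrites the address (the last 4 bytes are the A rdata).
    tampered = message[:-4] + bytes([10, 0, 0, 99])

    return {
        "genuine_verifies": tsig_verify(message, mac, time_signed),
        "tampered_verifies": tsig_verify(tampered, mac, time_signed),
        # The hostname is still readable in the signed message: TSIG is not encryption.
        "hostname_in_clear": wire_name(host) in message,
        "secret_in_message": KEY_SECRET in message,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Run it directly to print the four checks. DSfW's real key material and TSIG variant are not modelled, but the point carries over: TSIG lets the DNS server reject forged or altered updates, which is why the update path is described as secured while plain queries are not, yet neither queries nor updates are confidential on the wire.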

The NTLM keys are obfuscated with the user's relative identifier (RID) and stored in eDirectory. Obfuscation is reversible by anyone who can read the stored value and knows the RID, so read access to the attribute holding these keys should be limited to the services that need it.