22Ara
Playing with krlogin I found the connection to be in cleartext
Today I'm playing with kerberos on old solaris10 machine (I know support is ending, security, etc.. is a local vm, used for testing and knownledge). Setup kerberos on Solaris10 server, I made rlogin with Slackware client (rlogin kerberized using the krb5-appl package). On server I run tcpdump to see if any text in clear go and...
On client
/usr/bin/krlogin -PN solaris10
echo 22mypassword\!
On server
tcpdump -i e1000g0 -xX -vv|gegrep --color mypassword
0x0030: cc82 bd5d 3232 6d79 7061 7373 776f 7264 ...]22mypassword!
This mean is not encrypted.
I have missed something, or kerberos encrypt only "password exchange?"
