Hi,

I am currently testing ZCM 10.3.0a in a lab environemnt on Windows 2008 SP2 server with XP SP3 clients.

I initially set up a user source to 2008 AD using username and password. This worked well but a Wireshark trace confirmed usernames and password being transimited over wire in clear text. Obviously not good.

In order to resolve this issue I decided to implement kerberos as an authentication mechanism. I created the keytab file and installed as per the ZCM admin doc. All worked well but I could still see usernames and password on wireshark so I removed username and password and now have kerberos as the sole authentication mechanism. Now no clear text usernames and password on wireshark.

I have a couple of questions though regarding this configuration.

1. Does the keytab file expire after a period of time?

2. What logs can I check to confirm all is well with the kerberos authentication mechanism. The ats trace log on the primary has stopped logging since I changed the auth mech config. The same log on the test sattelite shows as below which would suggest kerberos auth is ok there.

Thanks in advance,

Mark.



2010-08-17 14:54:04,546 INFO [ClientAddr=192.168.164.101] GetAuthPolicy Rpc, Host=localhost, Svc=com.novell.zenworks.lab.local, Status=SUCCESS
2010-08-17 14:54:05,106 INFO [ClientAddr=192.168.164.101] Authenticate Rpc, Mech=Krb5Authenticate, Realm=lab.local, Status=SUCCESS
2010-08-17 14:54:05,205 INFO [ClientAddr=192.168.164.101] GetAuthToken Rpc, Host=localhost, Svc=com.novell.zenworks.lab.local, Status=SUCCESS
2010-08-17 14:58:14,362 INFO [ClientAddr=192.168.164.101] GetAuthPolicy Rpc, Host=localhost, Svc=com.novell.zenworks.lab.local, Status=SUCCESS
2010-08-17 14:58:14,489 INFO [ClientAddr=192.168.164.101] Authenticate Rpc, Mech=Krb5Authenticate, Realm=lab.local, Status=SUCCESS
2010-08-17 14:58:14,622 INFO [ClientAddr=192.168.164.101] GetAuthToken Rpc, Host=localhost, Svc=com.novell.zenworks.lab.local, Status=SUCCESS
2010-08-17 16:43:58,464 INFO [ClientAddr=192.168.164.101] GetAuthPolicy Rpc, Host=localhost, Svc=com.novell.zenworks.lab.local, Status=SUCCESS
2010-08-17 16:43:58,998 INFO [ClientAddr=192.168.164.101] Authenticate Rpc, Mech=Krb5Authenticate, Realm=lab.local, Status=SUCCESS