> > Even with a certificate only the traffic is covered by the ssl the > UserName and Password are sent as clear text
Just thought I should clarify this a bit more, what "clear text" means in this scenario is that the username and password are sent as they are and not as a hash you typically see with NTLM or Kerberos authentication. The actual data is doubly encrypted/wrapped during the authentication process with * The wrap method of the underlying auth used, either NTLM (RC4) or Kerberos (AES256), then * TLS encrypted based on the session setup in CredSSP auth So yes it is inherently more insecure compared to Kerberos, and to an extent NTLM, as the credentials are sent as is but the value is still protected through 2 layers of encryption meaning someone sniffing the network packets won't be able to see it. Thanks Jordan -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/bd7c91e2-85e9-4ce5-8b30-69326f4840b5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
