From VMware ESXi Server 5.0 Security Technical Implementation Guide
Part of SRG-OS-99999-ESXI5
Associated with: CCI-000366
ESXi hosts configured to join an Active Directory domain using host profiles do not protect the passwords used for host authentication. To avoid transmitting clear text passwords, the vSphere Authentication Proxy must be used to configure hosts in an Active Directory.
For systems that do not use Active Directory and have no local user accounts, other than root and/or vpxuser, this check is not applicable. NOTE: vSphere Authentication Proxy is available via the vSphere vCenter Server ISO. Although mainly used with Auto Deploy, which is available only with the vSphere Enterprise Plus Edition, vSphere Authentication Proxy does not require a specific vSphere Edition (i.e., Standard vs Enterprise) to be installed. From the vSphere client, select "Host Profiles". Right click the Host Profile and select Edit. Choose "Authentication configuration >> Active Directory Configuration >> Join Domain Method". Verify the Join Domain Method is set to "Use vSphere Authentication Proxy to add the host to domain". If the vSphere Authentication Proxy is installed and the Join Domain Method is not set to "Use vSphere Authentication Proxy to add the host to domain", this is a finding.
From the vSphere client, select "Host Profiles". Right click the Host Profile and select Edit. Choose "Authentication configuration >> Active Directory Configuration >> Join Domain Method". Set the Join Domain Method to "Use vSphere Authentication Proxy to add the host to domain".
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer