
The system must use the vSphere Authentication Proxy to protect passwords when adding ESXi hosts to Active Directory.


Overview

Finding ID: SRG-OS-99999-ESXI5-000160
Version: SRG-OS-99999-ESXI5-000160
Rule ID: SRG-OS-99999-ESXI5-000160_rule
IA Controls:
Severity: Medium
Description
ESXi hosts configured to join an Active Directory domain using host profiles do not protect the passwords used for host authentication. To avoid transmitting clear text passwords, the vSphere Authentication Proxy must be used to configure hosts in an Active Directory.
STIG: VMware ESXi v5 Security Technical Implementation Guide
Date: 2013-01-15

Details

Check Text (C-SRG-OS-99999-ESXI5-000160_chk)

From the vSphere client, select "Host Profiles". Right click the Host Profile and select Edit. Choose "Authentication configuration >> Active Directory Configuration >> Join Domain Method". Verify the Join Domain Method is set to "Use vSphere Authentication Proxy to add the host to domain".

If the Join Domain Method is not set to "Use vSphere Authentication Proxy to add the host to domain", this is a finding.

Fix Text (F-SRG-OS-99999-ESXI5-000160_fix)


From the vSphere client, select "Host Profiles". Right click the Host Profile and select Edit. Choose "Authentication configuration >> Active Directory Configuration >> Join Domain Method". Set the Join Domain Method to "Use vSphere Authentication Proxy to add the host to domain".