Episode 5.12 @26:07.
The second step of the kerberos process Adam says client encrypts ONLY the username using AES. I thought the username was sent in the clear, and everything I've found seems to back that up. Including logically how would the KDC know the key to decrypt the username;
I've also seen the username in auth on the wire at least for MS Kerb auth.