Re: Kerberos V5 Authentication for a Telnet Session

From: S. Pidgorny (slavickp_at_yahoo.com)
Date: 10/27/05 

Date: Thu, 27 Oct 2005 20:32:20 +1000

I think neither Windows telnet client nor Windows telnet server support
Kerberos authentication - with the built-ins, you're limited to NTLM
authentication (info and links in the KB -
http://support.microsoft.com/?id=299942). There are probably 3rd-party
products but if you're after secure remote console, I'd recommend using SSH
instead. But if you'll need Kerberos support in SSH, this gets complicated
yet again. 

-- 
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
<sarshah20@yahoo.com> wrote in message
news:1130408467.815243.177620@g49g2000cwa.googlegroups.com...
> Here is what i want to do. I want to establish a telnet connection from
> a client to a server. The authentication mechanism that i want to use
> for telnet connection is kerberos v5.
>
> What I Have Done So Far:
> I have setup two virtual machines (both windows 2003 server enterprise
> edition) on VMWare. I have made one of them a server (a domain
> controller) and other a client. On the server, i
> have installed Active Directory. On the server i registered a new user
> in active directory. Using this user i can log in to the domain from
> clients machine. Now, from the clients machine, when i try to connect
> to the server using the windows builtin telnet client, the login
> attempt fails. The message that is displayed on the console is "Failure
> in initializing the telnet session. Shell process may not have been
> launched.". In the server event viewer, there is an error saying "Error
> in creating CMD proces. System Error: Access is denied.". After
> searching the internet, i found out a couple of proposed solutions for
> the first error. One of them was for win xp 64 bit edition. Tried it
> but no avail. The 2nd
> one said to make sure that Secondary Logon service is running. Tried
> that too but no affect at all. If i unset NTLM auth from the client
> side then it simply asks me to enter user name and password. Obviously
> this is not what i want. I want the user to be authenticated by means
> of kerberos v5 protocol. So now i am wondering how can i make kerberos
> v5 authentication to work with telnet. Any help would be highly
> appreciated.
>
>
> Thanks,
>
> sarshah
>

Relevant Pages

  • Re: WCF security advice (and clarification) needed
    ... You, the client, resolve the foo.mycompany.com hostname within your ... TCP/IP) with that ticket as the security token. ... There are two parties participating in a security scenario, the server ... HTTP supports other authentication ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: Aironet 1200/Radius Help Needed
    ... I just fired up a W2003 Advanced Server so that I can take ... >> IAS servers (do I need a separate certificate for the secondary IAS ... >> of authentication since it involves just installing the certificate on ... >between the AP and the client. ...
    (microsoft.public.internet.radius)
  • Re: SBS 2003 SP 1 on MSDN disks
    ... the PPPoE client, which I believe it operate as, even if Earthlink does not know it, and stop using the Windows Server 2003 PPPoE client to connect. ... I have started the Telnet service on my client computer ... I have started the Telnet service on the SBS2003 server. ...
    (microsoft.public.windows.server.sbs)
  • Re: Windows Authentication, Single sign on and Active Directory
    ... service proxy client fails to connect due to authentication failure and then ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The server is always in the domain. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Outlook -> remote exchange -> always wants a password
    ... I have my server set to use Integrated Windows authentication over SSL. ... almost certainly "break" your existing users if the client setup does not ... Close out of these configuration dialogs, ...
    (microsoft.public.windows.server.sbs)