Telnet Server authentication

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Telnet Server authentication

Authentication is the means by which a user is identified and authorized. Telnet Server supports two methods of authentication: NTLM and plaintext.

If you use NTLM authentication, Windows-based clients use the Windows security context for authentication, and the user is not prompted for a user name and password. The user name and password are encrypted. Sessions that do not use encryption use unencrypted text (also known as plaintext) and are visible across the network.

If you do not use NTLM authentication the user name and password are sent to the computer running Telnet Server as plaintext. Anyone capturing the packets of the authentication process can easily read the password and use it to gain unauthorized access to your intranet. The use of plaintext authentication is therefore highly discouraged.

If User Must Change Password at Next Logon is set for a user, an attempt to log on to the computer running Telnet Server will fail. The user must log on to the server directly and change the password, then log on through Telnet.

If you connect to a computer running Telnet Server using NTLM authentication, you will not be able to access additional network resources because of a limitation of the NTLM authentication. In order to access network resources from a Telnet session, you need to access network drives by providing your user name and password again.

NTLM might not be the chosen mode of client authentication. This occurs when your client is:

  • A Windows-based client that does not use NTLM by choice

  • A UNIX Telnet client

In this scenario, the only other authentication method supported by the computer running Telnet Server is the user name/password method. In this method, the user name and password are sent as plaintext for authentication by the server.

For information about how to set authentication methods, see Telnet Command-line Reference for Telnet Server.

Note

  • Although authentication data might be encrypted, the actual data being transferred can be read by anyone on the network. Because Telnet session traffic is not secure, ensure that no sensitive data is sent or received during a Telnet session.