Telnet Server Authentication
Updated: March 29, 2010
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
Authentication is the means by which a user is identified and authorized. Telnet Server supports two methods of authentication: NTLM and password (plaintext).
If you use NTLM authentication, Windows-based clients use the Windows security context for authentication, and the user is not prompted for a user name and password. The current user name and password are encrypted.
If you use password authentication, the user name and password are sent to the computer running Telnet Server as plaintext. Anyone capturing the packets of the authentication process can easily read the password and use it to gain unauthorized access to your intranet. The use of password authentication is therefore highly discouraged.
Even if your Telnet server is configured to support NTLM authentication, NTLM might not be the chosen mode of client authentication. This occurs when your client is:
A Windows-based Telnet client that is configured to not use NTLM.
A Telnet client on a computer running another operating system, such as UNIX.
In these scenarios, the only other authentication method supported by the Telnet server is the password, or plaintext, authentication method.
|If you enable IPsec on the computers running Telnet Client and Telnet Server, then the entire data stream can be encrypted at the IP layer, independently from Telnet. For more information see, the IPsec Web page (http://www.microsoft.com/ipsec) at the Microsoft Web site.|
In Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008, User Account Control (UAC) protects members of the Administrators group from unauthorized use of their administrative rights. To understand how UAC impacts administrators, see Telnet and User Account Control.
|Although NTLM authentication data is encrypted, the actual data being transferred can be read by anyone on the network. Because Telnet session traffic is not secure, ensure that no sensitive data is sent or received during a Telnet session.|
For more information about configuring Telnet authentication, see Configure Telnet Server Authentication (http://go.microsoft.com/fwlink/?LinkId=106276), and Configure How the Client Authenticates to a Telnet Server (http://go.microsoft.com/fwlink/?LinkId=106277), in the Telnet Operations Guide.