Posted by Steven L Umbach on October 27, 2005, 1:14 pm
Look into using IPsec. You could create an IPsec require policy on the
server for the telnet port and configure the client computer with a
client/respond policy. Then the two computers will have to authenticate via
Kerberos [the default authentication protocol, but certificates can be used also]
and create the IPsec tunnel before the user ever gets a prompt for a
password. The user will still have to use NTLM, but the challenge/response will go
through a very secure encrypted tunnel, if that is your concern. Computers
that do not have a compliant IPsec policy would not be able to access that
port used for telnet. You can specify the IP addresses in the filter list
for the IPsec policy to block all IPs for telnet and then add another rule to
allow the specified IPs, requiring IPsec EH for telnet. --- Steve
> Here is what I want to do. I want to establish a telnet connection from
> a client to a server. The authentication mechanism that I want to use
> for the telnet connection is Kerberos v5.
>
> What I Have Done So Far:
> I have set up two virtual machines (both Windows 2003 Server Enterprise
> Edition) on VMware. I have made one of them a server (a domain
> controller) and the other a client. On the server, I
> have installed Active Directory. On the server I registered a new user
> in Active Directory. Using this user I can log in to the domain from the
> client's machine. Now, from the client's machine, when I try to connect
> to the server using the Windows built-in telnet client, the login
> attempt fails. The message that is displayed on the console is "Failure
> in initializing the telnet session. Shell process may not have been
> launched.". In the server event viewer, there is an error saying "Error
> in creating CMD proces. System Error: Access is denied.". After
> searching the internet, I found a couple of proposed solutions for
> the first error. One of them was for Win XP 64-bit Edition. Tried it,
> but to no avail. The 2nd
> one said to make sure that the Secondary Logon service is running. Tried
> that too, but no effect at all. If I unset NTLM auth from the client
> side then it simply asks me to enter a user name and password. Obviously
> this is not what I want. I want the user to be authenticated by means
> of the Kerberos v5 protocol. So now I am wondering how I can make Kerberos
> v5 authentication work with telnet. Any help would be highly
> appreciated.
>
>
> Thanks,
>
> sarshah
>
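The policy Steve describes (block telnet from everyone, then a more specific rule that lets one approved address in only over IPsec, with IKE authenticated by Kerberos), written out as a netsh script for the telnet server. This is an added example, not code from the thread; the client address 192.168.10.20 and the policy, filter list, filter action and rule names are assumptions chosen for illustration.

```batch
@echo off
rem Added example, not from the original thread. Run on the telnet SERVER
rem (Windows Server 2003) from an administrative command prompt.
rem 192.168.10.20 and all object names below are assumed for illustration.

rem 1. A policy to hold the telnet rules (main-mode settings left at defaults).
netsh ipsec static add policy name="Telnet IPsec" description="Require IPsec for TCP/23"

rem 2. Filter list A: telnet from ANY address to this host (dstaddr=me).
netsh ipsec static add filterlist name="Telnet from anywhere"
netsh ipsec static add filter filterlist="Telnet from anywhere" srcaddr=any dstaddr=me protocol=TCP dstport=23 mirrored=yes

rem 3. Filter list B: telnet only from the one approved client.
netsh ipsec static add filterlist name="Telnet from approved client"
netsh ipsec static add filter filterlist="Telnet from approved client" srcaddr=192.168.10.20 dstaddr=me protocol=TCP dstport=23 mirrored=yes

rem 4. Filter actions: one that drops, one that REQUIRES IPsec.
rem    inpass=no  - do not accept unsecured inbound packets while negotiating
rem    soft=no    - never fall back to cleartext if the peer cannot do IPsec
netsh ipsec static add filteraction name="Block" action=block
netsh ipsec static add filteraction name="Require IPsec" action=negotiate inpass=no soft=no

rem 5. Rules. IPsec applies the MOST SPECIFIC matching filter, so the
rem    single-host filter (B) wins over the any-address filter (A) for
rem    192.168.10.20; every other source hits the block rule.
rem    kerberos=yes makes IKE authenticate the two domain computer accounts
rem    with Kerberos (rootca= would switch that to certificates instead).
netsh ipsec static add rule name="Block telnet" policy="Telnet IPsec" filterlist="Telnet from anywhere" filteraction="Block" kerberos=yes
netsh ipsec static add rule name="Telnet needs IPsec" policy="Telnet IPsec" filterlist="Telnet from approved client" filteraction="Require IPsec" kerberos=yes

rem 6. Assign it. Only one local IPsec policy can be assigned at a time.
netsh ipsec static set policy name="Telnet IPsec" assign=y

rem On the CLIENT the built-in respond-only policy is all that is needed:
rem   netsh ipsec static set policy name="Client (Respond Only)" assign=y
rem After the first telnet attempt, confirm an SA was built on either side:
rem   netsh ipsec dynamic show qmsas
```

Two things worth checking after running it: a telnet from a second, unlisted machine should time out rather than reach a login prompt (the block rule), and the approved client should only get a prompt once `netsh ipsec dynamic show qmsas` lists a quick-mode SA for port 23. The policy changes only what reaches the telnet port; it does not change how the telnet service itself authenticates the user once the tunnel is up.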