Kerberos V5 Authentication for a Telnet Session - Kerberos

This is a discussion on Kerberos V5 Authentication for a Telnet Session - Kerberos ; Here is what i want to do. I want to establish a telnet connection from a client to a server. The authentication mechanism that i want to use for telnet connection is kerberos v5. What I Have Done So Far: ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Kerberos V5 Authentication for a Telnet Session

  1. Kerberos V5 Authentication for a Telnet Session

    Here is what i want to do. I want to establish a telnet connection from
    a client to a server. The authentication mechanism that i want to use
    for telnet connection is kerberos v5.

    What I Have Done So Far:
    I have setup two virtual machines (both windows 2003 server enterprise
    edition) on VMWare. I have made one of them a server (a domain
    controller) and other a client. On the server, i
    have installed Active Directory. On the server i registered a new user
    in active directory. Using this user i can log in to the domain from
    clients machine. Now, from the clients machine, when i try to connect
    to the server using the windows builtin telnet client, the login
    attempt fails. The message that is displayed on the console is "Failure
    in initializing the telnet session. Shell process may not have been
    launched.". In the server event viewer, there is an error saying "Error
    in creating CMD proces. System Error: Access is denied.". After
    searching the internet, i found out a couple of proposed solutions for
    the first error. One of them was for win xp 64 bit edition. Tried it
    but no avail. The 2nd
    one said to make sure that Secondary Logon service is running. Tried
    that too but no affect at all. If i unset NTLM auth from the client
    side then it simply asks me to enter user name and password. Obviously
    this is not what i want. I want the user to be authenticated by means
    of kerberos v5 protocol. So now i am wondering how can i make kerberos
    v5 authentication to work with telnet. Any help would be highly
    appreciated.


    Thanks,

    sarshah


  2. Re: Kerberos V5 Authentication for a Telnet Session

    Neither Microsoft's Telnet Server nor their Telnet client support
    Kerberos authentication. In order to use Kerberos 5 authentication
    on Windows you will need to find third party products that provide
    this functionality.

    Jeffrey Altman


    sarshah20@yahoo.com wrote:
    > Here is what i want to do. I want to establish a telnet connection from
    > a client to a server. The authentication mechanism that i want to use
    > for telnet connection is kerberos v5.
    >
    > What I Have Done So Far:
    > I have setup two virtual machines (both windows 2003 server enterprise
    > edition) on VMWare. I have made one of them a server (a domain
    > controller) and other a client. On the server, i
    > have installed Active Directory. On the server i registered a new user
    > in active directory. Using this user i can log in to the domain from
    > clients machine. Now, from the clients machine, when i try to connect
    > to the server using the windows builtin telnet client, the login
    > attempt fails. The message that is displayed on the console is "Failure
    > in initializing the telnet session. Shell process may not have been
    > launched.". In the server event viewer, there is an error saying "Error
    > in creating CMD proces. System Error: Access is denied.". After
    > searching the internet, i found out a couple of proposed solutions for
    > the first error. One of them was for win xp 64 bit edition. Tried it
    > but no avail. The 2nd
    > one said to make sure that Secondary Logon service is running. Tried
    > that too but no affect at all. If i unset NTLM auth from the client
    > side then it simply asks me to enter user name and password. Obviously
    > this is not what i want. I want the user to be authenticated by means
    > of kerberos v5 protocol. So now i am wondering how can i make kerberos
    > v5 authentication to work with telnet. Any help would be highly
    > appreciated.
    >
    >
    > Thanks,
    >
    > sarshah
    >


    --
    -----------------
    This e-mail account is not read on a regular basis.
    Please send private responses to jaltman at mit dot edu

  3. Re: Kerberos V5 Authentication for a Telnet Session

    Thanks for the reply. The reason i want to use kerberos V5
    authentication is because i want to study

    the telnet packects exchanged between client and the server for this
    kind of authentication. I have tried setting up a 3rd party Kerberized

    client and the server (cant recall the name right now) but they never
    did any kerberized authentication. The

    telnet authentication option packect captured showed that the auth type
    was not kerberos v5. So now the

    question is what third party telnet client and server that i can use to
    easily simulate telnet auth based on

    kerberos v5 (easily means where i dont have to set a lot of options).
    Or if there is any other way i can use to

    achieve my purpose (beside studying RFC)? Let me reiterate the purpose.
    The purpose is to study the packects

    exchanged between telnet client and server when they are authenticating
    using kerberos v5 authentication type.

    Thanks for your help.

    sarshah


  4. Re: Kerberos V5 Authentication for a Telnet Session

    sarshah20@yahoo.com wrote:
    > Thanks for the reply. The reason i want to use kerberos V5
    > authentication is because i want to study
    >
    > the telnet packects exchanged between client and the server for this
    > kind of authentication. I have tried setting up a 3rd party Kerberized
    >
    > client and the server (cant recall the name right now) but they never
    > did any kerberized authentication. The
    >
    > telnet authentication option packect captured showed that the auth type
    > was not kerberos v5. So now the
    >
    > question is what third party telnet client and server that i can use to
    > easily simulate telnet auth based on
    >
    > kerberos v5 (easily means where i dont have to set a lot of options).
    > Or if there is any other way i can use to
    >
    > achieve my purpose (beside studying RFC)? Let me reiterate the purpose.
    > The purpose is to study the packects
    >
    > exchanged between telnet client and server when they are authenticating
    > using kerberos v5 authentication type.
    >
    > Thanks for your help.
    >
    > sarshah


    The best way to understand the contents of the TELNET AUTH KRB5
    authentication is to read the RFC.

    C-Kermit's Telnet Debugging is superb if what you are looking for
    are dumps of the negotiations.

    Jeffrey Altman

    --
    -----------------
    This e-mail account is not read on a regular basis.
    Please send private responses to jaltman at mit dot edu

+ Reply to Thread