|
telnet
|
With Microsoft's custom versions for telnet from their product Services For Unix (SFU),
NTLM authentication is used instead of cleartext passwords, OR
Windows NT 4.0 with current Service Patch and hotfixes, OR
Windows 2000 Server with current Service Patch and hotfixes
|
Win2000 Telnet Server Services (max: 2 connections) or the the telnet server
from Microsoft's Services for Unix
(SFU) product. See MS notes: Q299942; Q226107 for registry entries; Q225233.
Opens CMD.EXE or another, configured shell for the user
who is connecting.
Not kerb'ed. Choice of NTLM or plain text authentication or both. With
NTLM, need SFU client. See
this document. Unclear if it may be SSL-protected.
Alternative:
Citrix Terminal Services, usually using Citrix Secure
Gateway, which is an SSL deployment.
|
|
pop
|
|
If Exchange Server was configured to provide POP mail service, then
it can be additionally configured to use NTLM (???) authentication
by editing the registry (......).
To understand authentication options, see our MS Authentication
document and Microsoft's document
Q272492.
It explains the use of the Registry key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA key LmCompatibilitylevel
which can place limits on the allowed authentication methods for the domain.
IMAP and POP (?) related to the pine distribution, GSSAPI (win?),
available
here
|
|
ftp
|
Windows NT 4.0 with current Service Patch and hotfixes, OR
Windows 2000 Server with current Service Patch and hotfixes
|
The standard IIS FTP has an SSL option. To enable it, see
Microsoft's Knowledge Base article about using IIS 5.0 and Certificate
Server 2.0
(
Q299525). Other references:
Installing a Secure Server Certificate on Microsoft IIS 5.0 from trustwise.com;
Q290625 (same in a test environment).
FileZilla Server supports Kerberos authentication using the GSSAPI
API. (But not SSL, as of 18 Jul 2002.)
|
