Critical Host Compliance: Telnet Clients

At the end of January 2003, Telnet connections to critical hosts that allow passwords to travel over the network in clear text will no longer be permitted. This change is mandated by the Critical Host Policy. As part of an earlier phase of the policy, critical servers on campus were already configured to support secure connections. The next phase is to make sure that Telnet client software on campus is also in compliance.

For users, this means that some Telnet clients will no longer work and individuals using them to access email and other services will need to install new software.

The chart below summarizes a few of the ways users currently access host-based email and other Telnet services that will no longer work:

To ease the transition and to avoid any concerns as the deadline approaches, LSPs are strongly encouraged to help users update their desktops as soon as possible.

After the Critical Host Policy for Telnet clients goes into effect, users on most servers will have two secure alternatives:

• Use a Kerberos-configured Telnet client in conjunction with a Kerberos ticket manager; or
• Access the server using the Secure SHell (SSH) protocol, instead of Telnet.

Once users connect to the server using either secure alternative, their experience will be identical to what they experienced using plain Telnet.

The chart below summarizes the various secure ways in which users can currently access host-based email and other Telnet services:

For more information about clients and configuration, please see the Supported Products page.