The Telnet: NT LAN Manager (NTLM) Authentication Protocol specifies how a Telnet client and Telnet server use the NT LAN Manager (NTLM) Authentication Protocol (as specified in [MS-NLMP]) so that the Telnet server can authenticate the Telnet client. NTLM is a challenge-response authentication protocol that carries no transport of its own; it depends on the application-layer protocol that embeds it to move NTLM messages from client to server and from server to client.
The Telnet: NTLM Authentication Protocol is an extension to the Telnet Authentication Option, as specified in [RFC2941]. The Telnet Authentication Option specifies how a Telnet server and Telnet client negotiate an authentication scheme; the Telnet: NTLM Authentication Protocol specifies how the Telnet client and Telnet server encapsulate NTLM messages in the Telnet Authentication Option SEND, IS, and REPLY commands so that the Telnet server can authenticate the Telnet client by using NTLM. The Telnet client and the Telnet server are required to use the negotiation specified in the Telnet Authentication Option [RFC2941] to agree on NTLM authentication before they can use the Telnet: NTLM Authentication Protocol.
The Telnet: NTLM Authentication Protocol is an embedded protocol in which Telnet: NTLM Authentication Protocol packets are embedded in Telnet Authentication Option (as specified in [RFC2941]) commands. The following diagram illustrates the relationship between the NTLM message, the Telnet: NTLM Authentication Protocol packet, and the Telnet Authentication Option command.
Figure 1: Relationship between NTLM message, Telnet: NTLM Authentication Protocol packet, and Telnet Authentication Option command
The Telnet: NTLM Authentication Protocol is a pass-through protocol that does not specify the structure of NTLM information. Instead, the protocol relies on the software that implements the NTLM Authentication Protocol (as specified in [MS-NLMP]) to process each NTLM message to be sent or received.
The Telnet: NTLM Authentication Protocol defines a server and a client role.
The sequence that follows shows the typical flow of packets between client and server.
1. The Telnet client sends an NTLM NEGOTIATE_MESSAGE embedded in a Telnet packet to the server.
2. On receiving the Telnet packet with the NTLM NEGOTIATE_MESSAGE, the Telnet server sends an NTLM CHALLENGE_MESSAGE embedded in a Telnet packet to the client.
3. In response, the Telnet client sends an NTLM AUTHENTICATE_MESSAGE embedded in a Telnet packet to the server; the server validates it to complete the authentication process.
The NTLM NEGOTIATE_MESSAGE, NTLM CHALLENGE_MESSAGE, and NTLM AUTHENTICATE_MESSAGE contain NTLM authentication data that the Telnet implementation treats as opaque and hands to the NTLM software installed on the local computer for processing. How to produce and process NTLM messages is specified in [MS-NLMP].
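The following is an added example, not code from the specification or from any Microsoft implementation. It shows the Telnet Authentication Option framing that carries the three-message flow above: the server offers NTLM in a SEND, the client answers with IS, and the server replies with REPLY, with the NTLM message carried as opaque authentication data. The NTLM messages are constructed placeholders that carry only the MS-NLMP signature and MessageType, and the MS-TNAP-specific fields that sit between the authentication-type pair and the NTLM message are not reproduced here; the NTLM message is assumed to follow the pair directly. The parser handles the one detail that bites implementers of any embedded binary exchange over Telnet: a 0xFF byte inside NTLM data must be sent as IAC IAC (RFC 855), otherwise a challenge containing FF F0 would be read as IAC SE and truncate the frame.

```python
"""RFC 2941 Telnet Authentication Option framing around opaque NTLM data.

Added example; NTLM payloads are constructed placeholders, not valid
MS-NLMP messages, and the MS-TNAP field layout is not reproduced."""
import struct
from typing import List, Tuple

IAC, SB, SE = 0xFF, 0xFA, 0xF0          # Telnet commands (RFC 854 / RFC 855)
AUTHENTICATION = 37                     # Telnet option number (RFC 2941)
IS, SEND, REPLY, NAME = 0, 1, 2, 3      # Authentication sub-commands (RFC 2941)
AUTH_NTLM = 15                          # Authentication type, IANA registry
AUTH_CLIENT_TO_SERVER, AUTH_SERVER_TO_CLIENT = 0, 1   # modifier: who
AUTH_ONE_WAY, AUTH_MUTUAL = 0, 2                      # modifier: how

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"      # MS-NLMP message header
NEGOTIATE, CHALLENGE, AUTHENTICATE = 1, 2, 3


def suboption(data: bytes) -> bytes:
    """Wrap option data as IAC SB ... IAC SE, doubling literal 0xFF (RFC 855)."""
    return bytes([IAC, SB]) + data.replace(b"\xff", b"\xff\xff") + bytes([IAC, SE])


def parse_suboption(buf: bytes) -> Tuple[bytes, int]:
    """Return (unescaped data, bytes consumed) for one IAC SB ... IAC SE at the
    start of buf. Inside the data, 0xFF is valid only as IAC IAC."""
    if len(buf) < 4 or buf[0] != IAC or buf[1] != SB:
        raise ValueError("expected IAC SB")
    out, i = bytearray(), 2
    while i < len(buf):
        b = buf[i]
        if b != IAC:
            out.append(b)
            i += 1
            continue
        if i + 1 >= len(buf):
            break                                    # truncated after IAC
        nxt = buf[i + 1]
        if nxt == IAC:                               # escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif nxt == SE:
            return bytes(out), i + 2
        else:
            raise ValueError("unexpected IAC %#x inside suboption" % nxt)
    raise ValueError("suboption not terminated by IAC SE")


def encode_send(pairs: List[Tuple[int, int]]) -> bytes:
    """Server -> client: IAC SB AUTHENTICATION SEND <type modifier>... IAC SE."""
    return suboption(bytes([AUTHENTICATION, SEND]) + b"".join(bytes(p) for p in pairs))


def encode_auth_data(subcmd: int, auth_type: int, modifier: int, data: bytes) -> bytes:
    """IS (client -> server) or REPLY (server -> client): one type pair, then data."""
    if subcmd not in (IS, REPLY):
        raise ValueError("IS or REPLY only")
    return suboption(bytes([AUTHENTICATION, subcmd, auth_type, modifier]) + data)


def decode_auth(buf: bytes):
    """(SEND, pairs, None, None) or (IS/REPLY, auth_type, modifier, data)."""
    data, used = parse_suboption(buf)
    if used != len(buf):
        raise ValueError("trailing bytes after suboption")
    if len(data) < 2 or data[0] != AUTHENTICATION:
        raise ValueError("not an AUTHENTICATION suboption")
    subcmd, rest = data[1], data[2:]
    if subcmd == SEND:
        if len(rest) % 2:
            raise ValueError("odd-length type-pair list")
        return SEND, [(rest[i], rest[i + 1]) for i in range(0, len(rest), 2)], None, None
    if subcmd in (IS, REPLY):
        if len(rest) < 2:
            raise ValueError("missing authentication-type pair")
        return subcmd, rest[0], rest[1], bytes(rest[2:])
    raise ValueError("unsupported sub-command %d" % subcmd)


def fake_ntlm(msg_type: int, body: bytes) -> bytes:
    """Constructed stand-in: MS-NLMP signature + MessageType + filler. Not valid NTLM."""
    return NTLMSSP_SIGNATURE + struct.pack("<I", msg_type) + body


def run_exchange() -> List[Tuple[str, int, int]]:
    """Walk the three-message flow; return (direction, sub-command, MessageType)."""
    mod = AUTH_CLIENT_TO_SERVER | AUTH_ONE_WAY
    _, pairs, _, _ = decode_auth(encode_send([(AUTH_NTLM, mod)]))   # server offers NTLM
    if (AUTH_NTLM, mod) not in pairs:
        raise ValueError("NTLM not offered")
    steps = [("C->S", IS, fake_ntlm(NEGOTIATE, b"\x00" * 8)),
             ("S->C", REPLY, fake_ntlm(CHALLENGE, b"\xff\xf0\xff\xff")),  # exercises IAC escaping
             ("C->S", IS, fake_ntlm(AUTHENTICATE, b"\x01" * 8))]
    trace = []
    for direction, subcmd, ntlm in steps:
        got_sub, got_type, got_mod, got_data = decode_auth(encode_auth_data(subcmd, AUTH_NTLM, mod, ntlm))
        if (got_type, got_mod, got_data) != (AUTH_NTLM, mod, ntlm):
            raise ValueError("round trip mismatch in %s" % direction)
        trace.append((direction, got_sub, struct.unpack_from("<I", got_data, len(NTLMSSP_SIGNATURE))[0]))
    return trace
```

`run_exchange()` returns `[("C->S", 0, 1), ("S->C", 2, 2), ("C->S", 0, 3)]`, i.e. NEGOTIATE in IS, CHALLENGE in REPLY, AUTHENTICATE in IS. The parser rejects a frame that ends after a bare IAC and a frame with an unescaped 0xFF in the data rather than guessing; a receiver that silently accepted either would let a malformed or truncated frame desynchronize the option stream.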
Implementers of the Telnet: NTLM Authentication Protocol are required to possess a working knowledge of the Telnet Protocol (as specified in [RFC854]), the Telnet Option (as specified in [RFC855]), the Telnet Authentication Option (as specified in [RFC2941]), and the NTLM Authentication Protocol (as specified in [MS-NLMP]).