NOTE: The Windows IKSD Beta test is over. As of 2 April 2002, Windows IKSD is incorporated into Kermit 95. CLICK HERE for details.

The Kermit Project would like to announce the start of a public testing period for a new (to be free) Internet Kermit Service for Microsoft Operating Systems (Windows 95/98/NT4/2000).

An Internet Kermit Service provides both anonymous and authenticated access to file systems of a host onto which it is installed. The IKS is an alternative to FTP that provides all of the advantages of the Kermit file transfer protocol and the Kermit Script programming language; works across multiple firewalls; Network Address Translators; and multiple transports (e.g. dialup terminal server to IP; or LAT to IP; or NetBEUI to IP; or IPX to IP; ...)

The IKS for Windows can be used with or without Kermit 95 installed on the machine. The IKS can be used with any Telnet client that supports Kermit file transfer protocol.

End user authentication may be performed in one of the following methods:

• username (domain/user) and password prompts

  The user is authenticated against the local machine (if no domain is specified) using LogonUser() or the NTLM SSPI. When TLS is supported by the client and server, the username and password will be transmitted over a secure connection.

  Anonymous access is provided using the "GUEST" account on the local machine.

• Kerberos 4 or Kerberos 5

  When MIT Kerberos for Microsoft Operating Systems is installed with appropriate keytabs for the local machine, end users can authenticate to the IKS using Kerberos 4 or Kerberos 5. It is currently required that the Kerberos principal name match the name of the end user on the local machine or in the default Domain. No principal to userid translation functions are currently supported.

• Secure Remote Password

  If TPASSWD and TPASSWD.CONF files are available on the local machine, the users listed in the TPASSWD file may authenticate to the IKS using the assigned SRP password. It is currently required that the SRP userid match the name of the end user on the local machine or in the default Domain. No SRP userid to Windows userid translation functions are currently supported.

• X.509 client certificates

  Functions are provided to allow for the verification of X.509 client certificates and for customized mappings from a certificate to a userid using a DLL provided by the host administrator.

• NTLM

  If both the client is running on a Windows system and it supports the NTLM Telnet Authentication method, NTLM can be used to authenticate the end user to the IKS.

When used on Windows NT or Windows 2000, the IKS may be installed as a Service which runs independent of the end user logged into the machine. Access to files and directories is controlled by the privileges assigned to the account and the associated ACLs when the file system is NTFS.

When the IKS is installed on Windows 95/98 or the file systems are FAT16 or FAT32, the entire file system of the machine is accessible to the logged in user since the operating system and/or file systems do not support ACLs.

The following features are available only when used with a licensed Kermit 95:

• Secure sessions using Transport Layer Security for privacy and data integrity (even with anonymous logins)

• Client authentication via X.509 end user certificates

• encrypted sessions when Secure Remote Password, Kerberos 4, or Kerberos 5 are being used for end user authentication

• Xmodem, Ymodem, Ymodem-G, and Zmodem file transfer protocols

We are looking for testers on Windows 95/98, NT, and 2000 regardless of whether or not you are currently using Kermit 95. If interested, please send e-mail to kermit-support@columbia.edu with the Subject:

IKS Windows Tester

Please specify:

• The operating system on to which you will be installing the IKS

• Which telnet clients you will be using with the IKS

• Whether or not you own Kermit 95 and if you have the Encryption patch installed.

Jeffrey Altman
http://www.kermit-project.org/k95.html
kermit-support@kermit-project.org