Click for Philadelphia, Pennsylvania Forecast



Changes to Telnet Access to E-mail and Netnews: January 28

As a community, we can congratulate ourselves on successfully transitioning to PennKey authentication this fall and improving overall security on our network. Many fewer people will be affected by the next step in Penn's ongoing security enhancement program, which will be to require strong authentication for Telnet access to campus host computers. (For background about Penn's security initiatives, see Almanac July 16, 2002 and October 8, 2002.)

Telnet is used primarily to access host-based e-mail applications such as Elm and Pine, and Netnews readers such as tin and slrn. However, Telnet software in the standard, insecure mode now being used on campus does not encrypt users' passwords; they are sent across the network "in the clear," making them more susceptible to interception.

By January 28, 2003, anyone using standard Telnet to access the University's host-based applications will need to upgrade or change their desktop software. The recommended options are listed in the table below. In addition, individuals who use Telnet to access Penn e-mail when they're away from their own computer--while traveling or using a friend's computer or a computer in a public location such as an Internet café--will most likely need to change the way they access their e-mail. Webmail is the recommended option for them.

If you don't know how you access e-mail or Netnews, be sure to check with your Local Support Provider (LSP). You may be using Telnet without knowing it.

Telnet Applications that will no longer work

As of January 28, the widely used Telnet software listed below can no longer be used to access Penn host computers. This list includes products that have been supported at Penn in the past and is not intended to be exhaustive.

  • versions of Host Explorer prior to version (Windows)
  • built-in Telnet for Windows (Note that if you access mail using a sequence like Start Menu > Run > telnet email server name (e.g., pobox,, dolphin) > email ID and password > email program (e.g., elm or pine), you are using a standard Telnet client to access host-based email.)
  • all versions of NCSA Telnet (Macintosh)
  • versions of dataComet prior to version 5--with version 5, the name also changed to dataComet Secure (Macintosh)

Secure Options for Use as of January 28

Anyone who currently uses standard Telnet on their computer should install either secure Kerberized Telnet software and a Kerberos ticket manager or Secure Shell (SSH) software before January 28 for continued access to host-based e-mail and Netnews readers. Be aware that this secure software is not as ubiquitous as standard versions of Telnet, and is therefore less likely to be available on computers in public locations such as web cafes. The recommended way to access e-mail when you're away from your own computer is via Webmail, which is available on all the major campus e-mail hosts and can be accessed using Internet Explorer or Netscape.

Getting Help

If you're not sure whether or not this change affects you, consult your Local Support Provider. Be sure to seek advice and, if necessary, update your software, as soon as possible, so you don't find yourself unable to read e-mail on January 28.

--Robin Beck, Vice President, ISC

Click here for the Table of Security Options for Windows and Macintosh Software


  Almanac, Vol. 49, No. 15, December 10, 2002