Overview#
Negotiate SSP is a Security Support Provider as used in the Microsoft Active Directory Security Support Provider InterfaceNegotiate SSP acts as an application layer between the Security Support Provider Interface and the other Security Support Provider.
Negotiate SSP selects between Kerberos and NTLM. By default, Negotiate SSP selects the Kerberos SSP unless Kerberos cannot be used by one of the systems involved in the authentication, or the calling application did not provide sufficient information to use the Kerberos SSP.
When an application calls in to the Security Support Provider Interface to log on to a network, the application either can specify an Security Support Provider (SSP) to process the request. If the application specifies Negotiate SSP then the request is analyzed the best Security Support Provider to handle the request based on customer-configured security policy.
Negotiate SSP implements RFC 2478, Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) and therefore is also a (at least pseudo) SASL Mechanisms
More Information#
There might be more information for this subject on one of the following:- Kerberos
- LDAPServerIntegrity
- Public Key Cryptography Based User-to-User
- SPNEGO
- Security Support Provider
- Windows Authentication Package
- [#1] - HTTP-Based Cross-Platform Authentication by Using the Negotiate Protocol
- based on information obtained 2016-03-11-
- [#2] - Microsoft Negotiate - based on information obtained 2020-01-21
