Overview#Negotiate SSP is a Security Support Provider as used in the Microsoft Active Directory Security Support Provider Interface
Negotiate SSP selects between Kerberos and NTLM. By default, Negotiate SSP selects the Kerberos SSP unless Kerberos cannot be used by one of the systems involved in the authentication, or the calling application did not provide sufficient information to use the Kerberos SSP.
When an application calls in to the Security Support Provider Interface to log on to a network, the application either can specify an Security Support Provider (SSP) to process the request. If the application specifies Negotiate SSP then the request is analyzed the best Security Support Provider to handle the request based on customer-configured security policy.
More Information#There might be more information for this subject on one of the following:
- Public Key Cryptography Based User-to-User
- Security Support Provider
- Windows Authentication Package
- [#1] - HTTP-Based Cross-Platform Authentication by Using the Negotiate Protocol - based on information obtained 2016-03-11-
- [#2] - Microsoft Negotiate - based on information obtained 2020-01-21