Overview#
Negotiate SSP is a Security Support Provider as used in the Microsoft Active Directory Security Support Provider InterfaceNegotiate SSP acts as an application layer between the Security Support Provider Interface and the other Security Support Provider.
Negotiate SSP selects between Kerberos and NTLM. By default, Negotiate selects Kerberos unless Kerberos cannot be used by one of the systems involved in the authentication, or the calling application did not provide sufficient information to use Kerberos.
Kerberos SSP requires the client application MUST provide a ServicePrincipalName (SPN), a UserPrincipalName (UPN), or a NetBIOS account name as the target name. Otherwise, Negotiate SSP always selects the NTLM SSP security provider.
When an application calls in to the Security Support Provider Interface to log on to a network, the application either can specify an Security Support Provider to process the request. If the application specifies Negotiate SSP, Negotiate SSP analyzes the request and picks the best Security Support Provider to handle the request based on customer-configured security policy.
Negotiate SSP implements RFC 2478, Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO).
More Information#
There might be more information for this subject on one of the following:- Kerberos
- Public Key Cryptography Based User-to-User
- SPNEGO
- Security Support Provider
- Security Support Provider Interface
- [#1] - HTTP-Based Cross-Platform Authentication by Using the Negotiate Protocol
- based on information obtained 2016-03-11-
