Overview#
Security Support Provider (SSP) in Microsoft Active Directory is implemented via the Security Support Provider Interface which is part of the Windows Client Authentication ArchitectureSecurity Support Providers work with authentication packages following the Security Support Provider Interface (SSPI) APIs.
Security Support Provider are NOT Authentication Mechanisms. They are used to gather and serialize credentials. The Local Security Authority (LSA) and Windows Authentication Package performs Authentication.
Windows Server 2003+, by default, has five Security Support Provider:
However, because not all Operating Systems support the same SSP packages that Windows Server 2003 supports; clients and servers must negotiate to use a protocol that they both support.
Windows Server 2003 and later prefers clients to use Kerberos SSP, a strong standards-based protocol, when possible, but continues to allow clients that do not support Kerberos, such as Windows NT 4.0 clients, to authenticate.
Further, the Security Support Provider Interface is extensible and have other Security Support Provider implementations.
More Information#
There might be more information for this subject on one of the following:- CredSSP
- Digest SSP
- Generic Security Service Application Program Interface
- Kerberos SSP
- Local Security Authority
- NTLM SSP
- Negotiate SSP
- SSP
- Schannel SSP
- Security Support Provider
- Security Support Provider Interface
- Windows Authentication Package
- Windows Client Authentication Architecture
- Windows Credential Provider
