Overview#

Security Support Provider (SSP) in Microsoft Active Directory is implemented via the Security Support Provider Interface which is part of the Windows Client Authentication Architecture

Windows Server 2003+, by default, has five Security Support Provider:

• Negotiate SSP
• Kerberos SSP
• NTLM SSP
• Schannel SSP
• Digest SSP
• CredSSP

However, because not all operating systems support the same SSP packages that Windows Server 2003 supports; clients and servers must negotiate to use a protocol that they both support.

Windows Server 2003+ prefers clients to use Kerberos SSP, a strong standards-based protocol, when possible, but continues to allow clients that do not support Kerberos, such as Windows NT 4.0 clients, to authenticate.

Further, the Security Support Provider Interface is extensible and have other Security Support Provider implementations.

More Information#

There might be more information for this subject on one of the following:

• CredSSP
• Digest SSP
• Generic Security Service Application Program Interface
• Kerberos SSP
• Local Security Authority
• NTLM SSP
• Negotiate SSP
• SSP
• Schannel SSP
• Security Support Provider
• Security Support Provider Interface