!!! Overview
[{$pagename}] (Credential Security Support Provider) [protocol] is a [Security Support Provider] that is implemented by using the [Security Support Provider Interface] ([SSPI]) which lets an [application] provide the user's [credentials] from the [client] to the target [server] for remote [authentication].


[{$pagename}] provides an [encrypted] [Transport Layer Security] [Protocol] [channel].


The client is [authenticated] over the encrypted channel by using the [Simple and Protected GSSAPI Negotiation Mechanism] ([SPNEGO]) [protocol] with either Microsoft [Kerberos] or [Microsoft] [NTLM].

%%error
This is not [delegation]. [{$pagename}] passes the user's __full [credentials] to the server without any constraint__.
%%


After the client and server are [authenticated], the client passes the user's [credentials] to the server. The [credentials] are doubly [encrypted] under the [SPNEGO] and [TLS] session keys. 


[{$pagename}] supports [Password-based] logon as well as [Smart Card] logon based on both [X.509] and [PKINIT].

%%warning
[CredSSP] does not support Wow64 clients.
%%

%%warning
[{$pagename}]  may cause issues when "User must change password at next logon" is enabled or if an account's password expires. [{$pagename}] has no [Password Modify Operation].
%%

There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Credential Security Support Provider|https://docs.microsoft.com/en-us/windows/win32/secauthn/credential-security-support-provider|target='_blank'] - based on information obtained 2020-01-21