Overview#
CredSSP (Credential Security Support Provider) protocol is a Security Support Provider that is implemented by using the Security Support Provider Interface (SSPI) which lets an application provide the user's credentials from the client to the target server for remote authentication.CredSSP provides an encrypted Transport Layer Security Protocol channel.
The client is authenticated over the encrypted channel by using the Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) protocol with either Microsoft Kerberos or Microsoft NTLM.
This is not delegation. CredSSP passes the user's full credentials to the server without any constraint.
After the client and server are authenticated, the client passes the user's credentials to the server. The credentials are doubly encrypted under the SPNEGO and TLS session keys.
CredSSP supports Password-based logon as well as Smart Card logon based on both X.509 and PKINIT.
CredSSP does not support Wow64 clients.
CredSSP may cause issues when "User must change password at next logon" is enabled or if an account's password expires. CredSSP has no Password Modify Operation.
There might be more information for this subject on one of the following:
- [#1] - Credential Security Support Provider
- based on information obtained 2020-01-21
Please see our Copyright And Intellectual Property Page and Standard Disclaimer Pages!