Overview#

Kerberos SSP is a Security Support Provider as used in the Microsoft Active Directory Security Support Provider Interface

Kerberos SSP (Kerberos.dll) is the preferred choice for authentication in Windows Server.

Kerberos SSP requires the client application MUST provide one of the following:

• ServicePrincipalName (SPN)
• UserPrincipalName (UPN)
• NetBIOS account name as the target name. Otherwise, Kerberos SSP always selects the NTLM SSP security provider.

The Microsoft Kerberos Security Support Provider uses the Kerberos V5 authentication protocol. (RFC 1510).

Because Kerberos SSP is the default authentication protocol for Windows Server 2003+, all domain services support the Kerberos SSP, which includes:

• Microsoft Active Directory queries using the Lightweight Directory Access Protocol (LDAP).
• Remote Desktop Protocol server or workstation management using RPC calls.
• Print services.
• Client-server authentication.
• Remote file access using Common Internet File System/Server Message Block (CIFS/SMB).
• Distributed file system management and referrals.
• Intranet authentication to Internet Information Services (IIS) and Windows Integrated Authentication
• Security authority authentication for Internet Protocol Security (IPsec).
• Certificate requests to Certificate Services for domain users and computers.

More Information#

There might be more information for this subject on one of the following:

• Local Security Authority
• Negotiate SSP
• Security Support Provider
• Security Support Provider Interface
• Windows Authentication Package

---

• [#1] - Microsoft Kerberos - based on information obtained 2020-01-21