!!! Overview
[{$pagename}] ([PKU2U]) is a [Generic Security Service Application Program Interface] ([GSS-API]) mechanism based on [Public Key Infrastructure] ([PKI]). [{$pagename}] mechanism is based on [Kerberos] V messages and the [Kerberos] V [GSS-API] mechanism, but without requiring a [Kerberos] [Key Distribution Center] ([KDC]).[{$pagename}] is defined in an "Expired" [Internet Draft] [draft-zhu-pku2u-09|https://tools.ietf.org/html/draft-zhu-pku2u-09|target='_blank']

!! [Microsoft Windows] [{$pagename}]
[Microsoft Windows] implements [{$pagename}] as an [Negotiate SSP] extension.

[{$pagename}] is used when a user attempts a [Bind Request] to a [DSA] ([Domain Controller]) using a simple bind. The [DSA] __will always perform a [Client Send Certificate] request__ (even though the the Certificate is not required). If the [Certificate] is sent and is valid the [Bind Response] of [Success] is sent with no [password] being used.

[{$pagename}] was added to the [Negotiate SSP] component of [Windows Client Authentication Architecture] within [Windows Logon] !! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]