Overview
Public Key Cryptography Based User-to-User (PKU2U) is a Generic Security Service Application Program Interface (GSS-API) mechanism based on Public Key Infrastructure (PKI). The Public Key Cryptography Based User-to-User mechanism is based on Kerberos V messages and the Kerberos V GSS-API mechanism, but without requiring a Kerberos Key Distribution Center (KDC). Public Key Cryptography Based User-to-User is defined in an "Expired" Internet Draft, draft-zhu-pku2u-09.
Microsoft Windows Public Key Cryptography Based User-to-User
Microsoft Windows implements Public Key Cryptography Based User-to-User as a Negotiate SSP extension.
Public Key Cryptography Based User-to-User is used when a user attempts a Bind Request to a DSA (Domain Controller) using a simple bind. The DSA will always perform a Client Send Certificate request (even though the Certificate is not required). If the Certificate is sent and is valid, the Bind Response of Success is sent with no password being used.
Public Key Cryptography Based User-to-User was added to the Negotiate SSP component of Windows Client Authentication Architecture within Windows Logon.