!!!Overview 
[{$pagename}] ([Simple and Protected GSSAPI Negotiation Mechanism] aka [GSS-SPNEGO] and snggo) is a [GSSAPI] "pseudo mechanism" that is used to negotiate one of a number of possible real [SASL Mechanisms]. 

[{$pagename}] pseudo mechanism is documented in [RFC 2478] and [RFC 4178].

[{$pagename}] SASL Mechanisms] is identified by the [Object Identifier] iso.org.dod.internet.security.mechanism.snego ([1.3.6.1.5.5.2]).

[{$pagename}] is used when a client application wants to authenticate to a remote server, but neither end is sure what [authentication] [protocols] the other supports. The pseudo-mechanism uses a [protocol] to determine what common [GSSAPI] mechanisms are available, selects one and then dispatches all further security operations to it. This can help organizations deploy new security mechanisms in a phased manner.

The presence of the "GSS-SPNEGO" string value in the [supportedSASLMechanisms] attribute indicates that the [LDAP] server, typically a [Domain Controller], accepts the GSS-SPNEGO security mechanism for [LDAP] [Bind Requests].

!! [Microsoft Active Directory]
[{$pagename}]'s most visible [Implementation] is in Microsoft's "[HTTP Negotiate|Negotiate SSP]" [authentication] extension. It was first implemented in Internet Explorer 5.01 and [IIS] 5.0 and provided [Single Sign-On] capability later marketed as [Integrated Windows Authentication]. The [Negotiate SSP] sub-mechanisms included [NTLM] and [Kerberos], both used in [Microsoft Active Directory].

!! [NT LAN Manager Vulnerabilities]
[NT LAN Manager Vulnerabilities] shows some of the Vulnerabilities with using [NT LAN Manager] ([NTLM])

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]