-
Title
What is SPNEGO? -
Description
What is SPNEGO? -
Resolution
SPNEGO stands for Simple and Protected GSSAPI Negotiation Mechanism and is an IETF standard defined in RFC 2478. It is a GSSAPI pseudo-mechanism which allows a client and a server to negotiate between different GSSAPI mechanisms in order to establish a common security context.
Microsoft's SSPI (Security Support Provider Interface) is modeled on and compatible (at least where Kerberos is concerned) with GSSAPI. It provides a single, common programmatic interface to SSP (Security Support Providers) on Windows. On Windows 2000 and Windows XP, SSPs normally available are for NTLM and, if Active Directory is deployed, Kerberos, as well one named Negotiate which is modeled on and compatible with SPNEGO.
Negotiate is the default SSP for most communication subsystems on Windows 2000 and Windows XP. When Microsoft refers to "Windows Integrated Authentication", for instance in Internet Explorer or in a .NET framework context, it means authentication with the SPNEGO/Negotiate SSPI provider.