2.2.1 Enterprise Environment
| Protocol name | Description | Protocol document short name |
|---|---|---|
| NT LAN Manager (NTLM) Authentication Protocol | This protocol is used by application protocols to authenticate remote users and, optionally, to provide session security when the application requests it. This protocol also provides the group membership information in conjunction with Authentication Protocol Domain Support, as described in [MS-APDS]. | |
| Kerberos Protocol Extensions | Specifies extensions to the Kerberos Network Authentication Service (V5) protocol [RFC4120]. These extensions provide additional capability for authorization information, including group memberships, interactive logon information, and integrity levels, as well as constrained delegation and encryption that Kerberos principals support. | |
| Public Key Cryptography for Initial Authentication (PKINIT) in Kerberos Protocol | Specifies Microsoft extensions to the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) protocol. These extensions describe how the Windows implementations of PKINIT differ from what is specified in [RFC4556] and [RFC5349]. | |
| Authentication Protocol Domain Support | Specifies the communication between a server and a domain controller that uses Netlogon interfaces ([MS-NRPC] section 3.2) to complete an authentication sequence for certain authentication protocols and provides group membership information. | [MS-APDS] |
| Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) Extension | Extends [RFC4178], which specifies a negotiation mechanism for the Generic Security Service Application Programming Interface (GSS-API) [RFC2743]. Extension is based on version 2 of NEGOEX [IETFDRAFT-NEGOEX-02]. | |
| SPNEGO Extended Negotiation (NEGOEX) Security Mechanism | Extends [RFC4178], enhances the capabilities of SPNEGO by providing a security mechanism that can be negotiated by the SPNEGO protocol. Extension is based on version 4 of NEGOEX [IETFDRAFT-NEGOEX-04]. | |
| Kerberos Protocol Extensions: Service for User and Constrained Delegation Protocol | These two extensions to Kerberos enable an application service to obtain a Kerberos service ticket on behalf of a user, but each provides a different way to obtain a ticket on behalf of a user. | |
| Credential Security Support Provider (CredSSP) Protocol | Enables an application to securely delegate a user's credentials from a client to a target server. | |
| Netlogon Remote Protocol | Used for user and machine authentication on domain-based networks. | [MS-NRPC] |