5.1.2 Preferred Security Providers

Implementations can create programming interfaces (3) and corresponding documentation for accessing functionality offered by these extensions in a way that encourages higher-level protocols to not use NTLM as the security provider. SPNEGO and Kerberos offer stronger security.