1.4 Relationship to Other Protocols

This extension uses the SPNEGO Extension specified in [MS-SPNG], which differs slightly from SPNEGO [RFC4178]. The following diagram illustrates the relationships between its related protocols and mechanisms.

Relationship to other protocols

Figure 1: Relationship to other protocols

The SMTP AUTH Extension specified in [RFC2554] is defined to use SASL mechanisms. The SMTP AUTH Extension for SPNEGO is one SASL mechanism. The SASL to GSS-API wrapper defined in [RFC2222] section 7.2 is another SASL mechanism; however, it does not define a SASL mechanism name for any particular GSS-API mechanism (thus the diagram contains a dotted line from "SASL to GSS-API wrapper" to "(other GSS-API mechanisms)". To use a particular GSS-API mechanism in SMTP requires that the mechanism have a SASL mechanism name defined for it. [RFC4752] specifies the SASL to GSS-API wrapper over Kerberos. The SMTP AUTH Extension for NTLM specified in [MS-SMTP] is another SASL mechanism.

The SPNEGO Extension specified in [MS-SPNG] is both a GSS-API mechanism (as used in this document) as well as a protocol that uses other GSS-API mechanisms, including NTLM and Kerberos.

Since both the SMTP AUTH Extension for SPNEGO and the SASL to GSS-API wrapper over Kerberos defined in [RFC4752] use the same SASL mechanism name, they cannot be used in the same environment. However, the SASL mechanism name for the SMTP AUTH Extension for NTLM, as well as other SASL mechanisms, are different and therefore can be used in the same environment.