Prior to Windows NT 5.0, full support was provided only for the default security package, NTLMSSP (Windows NT LAN Manager Security Support Provider). With Windows NT 5.0, full support is now provided for the popular security packages Kerberos and SChannel (SSL2, SSL3, and PCT). Also supported is Snego, which checks for available security packages and selects the most appropriate one.
The following table shows the levels of authentication supported by the various security packages:
Server/Client Authentication | Security Package Support |
---|---|
Neither can get the name of the other | None |
The client can authenticate the server, but not vice-versa | SChannel |
The client can't discover the server, but the server can get the user ID of the client. | NTLMSSP |
Mutual authentication — both the client and server can know the name of the other, if permission is granted. | NTLMSSP (locally), Kerberos, SChannel |
For more information about these security packages, see the following topics: