Search RFCs
RFC 4559
SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows,June 2006
- File formats:
- Status:
- INFORMATIONAL
- Authors:
- K. Jaganathan
L. Zhu
J. Brezak - Stream:
- INDEPENDENT
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC4559
Discuss this RFC: Send questions or comments to the mailing listrfc-ise@rfc-editor.org
Other actions:View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 4559
Abstract
This document describes how the Microsoft Internet Explorer (MSIE)and Internet Information Services (IIS) incorporated in MicrosoftWindows 2000 use Kerberos for security enhancements of webtransactions. The Hypertext Transport Protocol (HTTP) auth-scheme of"negotiate" is defined here; when the negotiation results in theselection of Kerberos, the security services of authentication and,optionally, impersonation (the IIS server assumes the windows identityof the principal that has been authenticated) are performed. Thisdocument explains how HTTP authentication utilizes the Simple andProtected GSS-API Negotiation mechanism. Details of Simple AndProtected Negotiate (SPNEGO) implementation are not provided in this document. This memo provides information for the Internet community.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.