Skip to main content

HTTP Authentication: SPNEGO Access Authentication As implemented in Microsoft Windows 2000

Document Type Expired Internet-Draft (individual)
Expired & archived
Author John Brezak
Last updated 2002-10-16
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document describes how the Microsoft Internet Explorer (MSIE) and Internet Information Services (IIS) incorporated in Microsoft Windows 2000 use Kerberos for security enhancements of web transactions. The HTTP auth-scheme of 'negotiate' is defined here; when the negotiation results in the selection of Kerberos, the security services of authentication and optionally impersonation are performed. This document explains how HTTP authentication utilizes the SPNEGO [7] GSSAPI mechanism. Details of SPNEGO implementation are not provided in this document.


John Brezak

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)