Skip to main content

SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: RFC Editor <>
Cc: The IESG <>, <>,
Subject: Re: Informational RFC to be: 

The IESG has no problem with the publication of 'Kerberos based HTTP 
Authentication in Windows' <draft-jaganathan-kerberos-http-02.txt> as an 
Informational RFC. 

The IESG would also like the IRSG or RFC-Editor to review the comments in 
the datatracker 
related to this document and determine whether or not they merit 
incorporation into the document. Comments may exist in both the ballot 
and the comment log. 

The IESG contact person is Scott Hollenbeck.

A URL of this Internet-Draft is:

The process for such documents is described at

Thank you,

The IESG Secretary

Ballot Text

Technical Summary
This document describes how the Microsoft Internet Explorer (MSIE)
and Internet Information Services (IIS) incorporated in Microsoft
Windows 2000 use Kerberos for security enhancements of web
transactions.  The Hypertext Transport Protocol (HTTP) auth-scheme of
"negotiate" is defined here; when the negotiation results in the
selection of Kerberos, the security services of authentication and
optionally impersonation(the IIS server assuming the windows identity
of the principal which has been authenticated) are performed.  This
document explains how HTTP authentication utilizes the Simple and
Protected GSS-API Negotiation mechanism.  Details of SPNEGO
implementation are not provided in this document.
Working Group Summary
This document is the work of individual submitters who asked the
RFC Editor to publish it as an Informational RFC.  Thought it has
been evaluated by the IESG for conflicts with existing IETF work,
it has not been reviewed by an IETF working group.
Protocol Quality
Scott Hollenbeck and Sam Hartman have reviewed the document for the
IESG.  AD evaluation comments can be found in the I-D tracker.  The
authors claim that the mechanism described in the document has been
implemented in the Microsoft Internet Explorer (MSIE) and Internet
Information Services (IIS) incorporated in Microsoft Windows 2000.


This RFC is not a candidate for any level of Internet Standard.
The IETF disclaims any knowledge of the fitness of this RFC for
any purpose and in particular notes that the decision to publish
is not based on IETF review for such things as security,
congestion control, or inappropriate interaction with deployed
protocols.  The RFC Editor has chosen to publish this document at
its discretion.  Readers of this document should exercise caution
in evaluating its value for implementation and deployment.  See
RFC 3932 for more information.

Note to the RFC Editor

Please review the IESG evaluation comments found in the datatracker,
including suggestions from multiple Area Directors to change the title
of the document to include "Microsoft" with "Windows".

RFC Editor Note