Export (0) Print
Expand All
1 out of 3 rated this helpful - Rate this topic

Credential Security Support Provider

The Credential Security Support Provider protocol (CredSSP) is a Security Support Provider that is implemented by using the Security Support Provider Interface (SSPI). CredSSP lets an application delegate the user's credentials from the client to the target server for remote authentication. CredSSP provides an encrypted Transport Layer Security Protocol channel. The client is authenticated over the encrypted channel by using the Simple and Protected Negotiate (SPNEGO) protocol with either Microsoft Kerberos or Microsoft NTLM.

Caution  This is not constrained delegation. CredSSP passes the user's full credentials to the server without any constraint.

For information about SPNEGO, see Microsoft Negotiate.

After the client and server are authenticated, the client passes the user's credentials to the server. The credentials are doubly encrypted under the SPNEGO and TLS session keys. CredSSP supports password-based logon as well as smart card logon based on both X.509 and PKINIT.

Important  CredSSP does not support Wow64 clients.

For more information about CredSSP, see the following topics.

TopicDescription

CredSSP Group Policy Settings

Delegation of credentials by CredSSP can be controlled by using group policy settings.

 

 

 

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.