2.2.1.1 Authentication

Protocols in this table enable protocol clients in the Office system to authenticate users.

| Protocol name | Description | Short name |
| --- | --- | --- |
| Digest Protocol Extensions | Supports client authentication to protocol servers, based on user name and password, and server authentication to protocol clients. These are Microsoft Windows extensions to the Digest Authentication standard, as described in [RFC2617], "HTTP Authentication: Basic and Digest Access Authentication," and [RFC2831], "Using Digest Authentication as a SASL Mechanism." | [MS-DPSP] |
| HTTP Authentication: Basic and Digest Access Authentication | Defines an authentication (2) scheme that can be used to verify that both parties to a communication know a shared secret (password). If Digest Access Authentication is used, this verification can be done without sending a password as cleartext. | [RFC2617] |
| Kerberos Protocol Extensions | Extends the Kerberos Network Authentication Service (V5) protocol, as described in [RFC4120]. These extensions provide additional capabilities for authorization information, including group memberships, interactive logon information and integrity levels, and constrained delegation and encryption supported by Kerberos principals. | [MS-KILE] |
| NT LAN Manager (NTLM) Authentication Protocol | Provided by the Windows operating system, enables authentication between protocol clients and protocol servers when the Kerberos Protocol Extensions, as described in [MS-KILE], cannot be used. In Windows Server 2008 operating system with Service Pack 2 (SP2), Windows Vista operating system, Windows Server 2003 operating system, Windows XP operating system, and Windows 2000 Server operating system, Kerberos authentication replaces NT LAN Manager (NTLM) Authentication Protocol as the preferred authentication protocol. | [MS-NLMP] |
| Office Forms Based Authentication Protocol | Implemented by the Office system, establishes a user’s identity by using HTTP-based forms authentication when other authentication mechanisms are not available. | [MS-OFBA] |
| Passport Server Side Include (SSI) Version 1.4 Protocol | An HTTP-based protocol that enables protocol clients to authenticate to a partner server with the assistance of an authentication (2) server. Also referred to as the "Passport Tweener" protocol. | [MS-PASS] |
| Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) Extensions | Defines a negotiation mechanism for the Generic Security Service Application Program Interface (GSS-API), as described in [RFC2743]. SPNEGO provides a framework for two parties that are engaged in authentication (2) to select from a set of possible authentication (2) mechanisms, in a manner that preserves the opaque nature of the security protocols to the application protocol that uses SPNEGO. | [MS-SPNG] |
| SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows | Provided by Windows 2000 operating system, enhances the security of Web-based transactions by using Kerberos. | [RFC4559] |