2.2 Message Syntax

The messages that SPNEGO uses are specified in [RFC4178], in terms of ASN.1, as specified in [X680]. There are only two messages in SPNEGO: negTokenInit and negTokenResp.

The negTokenInit message is sent from the client to the server and is used to begin the negotiation. The client uses that message to specify the set of authentication mechanisms that are supported and an opportunistic authentication message from the mechanism that the client believes will be agreed upon with the server.

The negTokenResp message is used thereafter as the server selects the mechanism to use, and the two parties exchange authentication messages that are wrapped in the negTokenResp message until completion.

The SPNEGO Extension extends the NegTokenInit message with the NegTokenInit2 message (section 2.2.1).
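The two messages described above, as an added example that is not part of the specification: a small Python reader that pulls the mechanism list and the opportunistic token out of a negTokenInit, and the selected mechanism and wrapped token out of a negTokenResp. The field tags and the GSS-API framing on the first token follow [RFC4178]; the sample tokens are constructed, with "OPAQUE" standing in for a real mechanism token.

```python
# Added example (not from the specification): reads SPNEGO messages, layout per RFC 4178.

def tlv(buf, pos=0):  # -> (tag, value, next_pos) for the DER element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(buf, pos=0):  # yield (tag, value) for each element of a constructed value
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        yield tag, val

def oid(val):  # dotted form; first arc 0 or 1 only, which covers these mechanisms
    if not val:
        raise ValueError("empty OID")
    arcs, n = [val[0] // 40, val[0] % 40], 0
    for b in val[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, n = arcs + [n], 0
    return ".".join(map(str, arcs))

def parse_spnego(token):
    tag, body, _ = tlv(token)
    if tag == 0x60:  # GSS-API framing on the first token: mechanism OID, then the message
        t, v, nxt = tlv(body)
        if t != 0x06 or v != bytes.fromhex("2b0601050502"):  # SPNEGO, 1.3.6.1.5.5.2
            raise ValueError("not a SPNEGO token")
        tag, body, _ = tlv(body, nxt)
    if tag not in (0xA0, 0xA1):
        raise ValueError("not a NegotiationToken")
    fields = {t: tlv(v)[1] for t, v in children(tlv(body)[1])}  # strip explicit tags
    if tag == 0xA0:  # negTokenInit: offered mechanisms plus the opportunistic token
        mechs = [oid(v) for _, v in children(fields.get(0xA0, b""))]
        return {"message": "negTokenInit", "mechTypes": mechs, "mechToken": fields.get(0xA2)}
    mech = oid(fields[0xA1]) if 0xA1 in fields else None
    return {"message": "negTokenResp", "supportedMech": mech, "responseToken": fields.get(0xA2)}

# Constructed samples; "OPAQUE" stands in for a real mechanism token.
SAMPLE_INIT = bytes.fromhex("6031 06062b0601050502 a027 3025 a019 3017 06092a864886f712010202"
                            "060a2b06010401823702020a a208 04064f5041515545")
SAMPLE_RESP = bytes.fromhex("a11e 301c a003 0a0101 a10b 06092a864886f712010202 a208 04064f5041515545")
```

Running parse_spnego on SAMPLE_INIT lists the Kerberos and NTLMSSP OIDs in the order the client offered them, which is the field to inspect when checking which mechanisms a client advertises.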