2.2.1.1.7 Security Providers
These extensions do not require support for the dce_c_rpc_authn_protocol_krb5 security provider, as specified in [C706] section 13. All of the requirements specified in [C706] section 13 are removed by these extensions.<22>
These extensions specify the following values for the security provider.
|
Name |
Value |
Security provider |
|---|---|---|
|
RPC_C_AUTHN_NONE |
0x00 |
No Authentication |
|
RPC_C_AUTHN_GSS_NEGOTIATE |
0x09 |
SPNEGO |
|
RPC_C_AUTHN_WINNT |
0x0A |
NTLM |
|
RPC_C_AUTHN_GSS_SCHANNEL |
0x0E |
TLS |
|
RPC_C_AUTHN_GSS_KERBEROS |
0x10 |
Kerberos |
|
RPC_C_AUTHN_NETLOGON |
0x44 |
Netlogon |
|
RPC_C_AUTHN_DEFAULT |
0xFF |
Same as RPC_C_AUTHN_WINNT |
On the client side, if the higher level protocol requests RPC_C_AUTHN_DEFAULT, the implementation MUST use RPC_C_AUTHN_WINNT instead.
The security provider underlying protocol and implementation defines the number of legs and whether the number of legs is odd or even that are used in the token exchange process that builds a security context. This information MAY be used for the processing of PDUs during that process.
These extensions specify the following number (if known) or even/oddness of the legs needed to build a security context.
|
Name |
# of or Even # of Token Exchange Legs |
|---|---|
|
RPC_C_AUTHN_NONE |
even |
|
RPC_C_AUTHN_GSS_NEGOTIATE |
even |
|
RPC_C_AUTHN_WINNT |
3 |
|
RPC_C_AUTHN_GSS_SCHANNEL |
even |
|
RPC_C_AUTHN_GSS_KERBEROS |
even |
|
RPC_C_AUTHN_NETLOGON |
3 |
|
RPC_C_AUTHN_DEFAULT |
unknown |