Credential Security Support Provider (CredSSP)

The Credential Security Support Provider protocol (CredSSP) is a Security Service Provider that is implemented using the Security Service Provider Interface (SSPI). CredSSP lets an application delegate the user's credentials from the client to the target server for remote authentication. CredSSP provides an encrypted Transport Layer Security (TLS) channel. The client is authenticated over the encrypted channel using the Simple and Protected Negotiate (SPNEGO) protocol with either Kerberos or Windows NT Challenge/Response (NTLM). Once the client and server are authenticated, the client passes the user's credentials to the server. The credentials are doubly-encrypted under the SPNEGO and TLS session keys. CredSSP supports password-based logon as well as smart card logon based on both X.509- and PKINIT.

For more information about CredSSP, see the following topics.

Topic Description
CredSSP Group Policy Settings Delegation of credentials by CredSSP can be controlled using group policy settings.

Send comments about this topic to Microsoft

Build date: 10/1/2007