Partager via


2.2.1.1.7 Security Providers

The RPC protocol extensions do not require support for the dce_c_rpc_authn_protocol_krb5 security provider, as specified in [C706] section 13. All of the requirements specified in [C706] section 13 are removed by these extensions.<22>

These extensions specify the following values for the security provider.

Name

Value

Security provider

RPC_C_AUTHN_NONE

0x00

No Authentication

RPC_C_AUTHN_GSS_NEGOTIATE

0x09

 SPNEGO

RPC_C_AUTHN_WINNT

0x0A

NTLM

RPC_C_AUTHN_GSS_SCHANNEL

0x0E

TLS

RPC_C_AUTHN_GSS_KERBEROS

0x10

Kerberos

RPC_C_AUTHN_NETLOGON

0x44

Netlogon

RPC_C_AUTHN_DEFAULT

0xFF

Same as RPC_C_AUTHN_WINNT

On the client side, if the higher level protocol requests RPC_C_AUTHN_DEFAULT, the implementation MUST use RPC_C_AUTHN_WINNT instead.

The security provider underlying protocol and implementation defines the number of legs and whether the number of legs is odd or even that are used in the token exchange process that builds a security context. This information MAY be used for the processing of PDUs during that process. 

These extensions specify the following number (if known) or even/oddness of the legs needed to build a security context.

Name

# of or Even # of Token Exchange Legs

RPC_C_AUTHN_NONE

even

RPC_C_AUTHN_GSS_NEGOTIATE

even

RPC_C_AUTHN_WINNT

3

RPC_C_AUTHN_GSS_SCHANNEL

even

RPC_C_AUTHN_GSS_KERBEROS

even

RPC_C_AUTHN_NETLOGON

3

RPC_C_AUTHN_DEFAULT

unknown