One feature of Windows 2000 is the ability to support different authentication methods via the Security Support Provider (SSP). Windows 2000 supports three primary SSP's. They are:
*Microsoft Kerberos *NTLM Challenge/Response *SChannel Security Protocols
While Kerberos is the default authentication method in Windows 2000, other methods could be used through the Security Support Provider Interface or SSPI. The SSPI provides an interface by which the client can communicate with an installed security service library. The idea here is that other third-party security providers developing their own authentication libraries to interface with Windows 2000.
In addition, Windows 2000 uses these network SSPs to provide authentication services using digital certificates:
*Distributed Password Authentication (DPA) - an Internet authentication protocol *Extensible Authentication Protocol (EAP) - extension to Point-to-Point (PPP) protocol *Public key-based protocols - this includes SSL, TLS1 and Private Communication Technology
This was first published in June 2001