SPNEGO is an HTTP authentication mechanism which uses GSS-API to select an underlying mechanism such as Kerberos or NTLM. It is supported by Firefox and Chromium, and by Apache if the mod_auth_kerb module is installed.

SPNEGO is also known as ‘integrated authentication’ or ‘negotiate authentication’. Be aware that it does not by itself protect the HTTP request or response from tampering. For this and other reasons it should normally be used in combination with an encryption mechanism such as TLS/SSL.


See also

Further reading