The Windows Native Authentication method is more complex than the other methods and extends the auth protocol, as it has to send more data back and forth than the old handshake permitted.
Basically, it wraps the output of the Negotiate SSP in the Auth Phase protocol, which means that either NTLM or SPNEGO is used as the underlying protocol.
Due to the implementation details, the Windows Native Authentication method doesn't use the fast path of the Connection Phase, but is only triggered on request as part of the Authentication Method Switch Request Packet.
Due to implementation details (again), the first packet sent from the client to the server is expected to either:
- be at most 254 bytes long, or
- carry the first 254 bytes, followed by 1 byte with a magic value, with the rest of the data sent in a 2nd packet.
All following win-auth packets don't get split.
The client will send either a SPNEGO or an NTLM packet as the next packet.
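
The first-packet framing rule above, written out as an added Python example (not MySQL's own code) with the sender's split and a receiver that rejects any framing the rule does not allow. The function names are assumptions, and `marker` is a hypothetical stand-in for the magic byte, whose value the text does not give.

```python
from __future__ import annotations

FIRST_CHUNK = 254  # from the text: at most 254 payload bytes in the first packet


def split_first_packet(payload: bytes, marker: int) -> list[bytes]:
    """Client side: frame the first win-auth payload as one or two packets.

    `marker` is a placeholder for the 1-byte magic value (not specified here).
    """
    if not 0 <= marker <= 0xFF:
        raise ValueError("marker must fit in one byte")
    if len(payload) <= FIRST_CHUNK:
        return [payload]                       # short payloads are sent unsplit
    return [payload[:FIRST_CHUNK] + bytes([marker]), payload[FIRST_CHUNK:]]


def join_first_packet(packets: list[bytes]) -> tuple[bytes, int | None]:
    """Server side: rebuild the payload and return (payload, marker).

    marker is None when the payload arrived unsplit. Anything that does not
    match one of the two permitted shapes is rejected rather than guessed at.
    """
    if not packets:
        raise ValueError("no packet received")
    first = packets[0]
    if len(first) <= FIRST_CHUNK:
        if len(packets) != 1:
            raise ValueError("continuation sent after an unsplit first packet")
        return first, None
    if len(first) != FIRST_CHUNK + 1:
        raise ValueError("first packet exceeds 254 bytes plus the marker byte")
    if len(packets) != 2 or not packets[1]:
        raise ValueError("split first packet without its continuation")
    return first[:FIRST_CHUNK] + packets[1], first[FIRST_CHUNK]


if __name__ == "__main__":
    token = bytes(range(256)) * 2              # constructed 512-byte sample token
    parts = split_first_packet(token, 0x7F)    # 0x7F is an arbitrary sample marker
    print([len(p) for p in parts])
    print(join_first_packet(parts)[0] == token)
```
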
To implement the protocol, several implementations exist:
- Windows provides InitializeSecurityContextW and AcceptSecurityContext
- an open source implementation of NTLM, SPNEGO and Kerberos5 is provided by Heimdal
- Java6 added SPNEGO support to JGSS, which also provides the NTLM and Kerberos5 support