SSPI is Microsoft's dialect of GSSAPI. We should support it in the JDK on the Windows platform for better interoperability and system integration with Windows AD. Possible benefits are:
1. No need for krb5.ini and JAAS config
2. No need to retrieve TGT, thus no need for the allowtgtsessionkey registry key
3. Overrides the restriction when the client is a member of the local admin group
4. Server-side programs have no need to run setspn/ktpass
5. Server-side programs may be run as a Windows service
6. In Windows Server 2008, user2user authentication must be performed through Microsoft's new protocol (http://tools.ietf.org/html/draft-swift-win2k-krb-user2user-03). SSPI does this automatically.
In the first stage, we should support the client side using default credentials.
This provider must be interoperable with the Java GSS provider and other native providers.