1.4 Relationship to Other Protocols
SPNEGO requires at least one other GSS–compatible authentication protocol to be present for it to work. It does not depend on a specific protocol.<1>
Since NEGOEX negotiates security mechanisms, applications that use SPNEGO as their authentication protocol can use protocols supported by NEGOEX.<2>
Many application protocols make use of SPNEGO as their authentication protocol. Such protocols include the Common Internet File System (CIFS)/Server Message Block (SMB) [MS-SMB]; HTTP [HTTPAUTH]; RPCE [MS-RPCE]; and the Lightweight Directory Access Protocol (LDAP) [RFC2251].
SPNEGO is a meta protocol that travels entirely in other application protocols; it is never used directly without an application protocol.
After SPNEGO has completed the ferrying of the other security protocol's authentication tokens, SPNEGO is finished. All further access to security context state and per-message services, such as signatures or encryption, is done by directly using the "real" security protocol whose authentication tokens were communicated via SPNEGO.