Snego

Unlike NTLMSSP, Kerberos, and SChannel, Snego does not provide authentication services. It takes a list of real authentication services and picks a service that is likely to work. The authentication parameters are not used by Snego, but are passed to the chosen authentication service, which does the actual authentication.

COM uses Snego to decide which authentication service to use. In particular, Snego is useful for choosing between NTLM and Kerberos. In most cases, an application will not specify Snego.

If COM chooses Snego, both the server and the client will see Snego returned by calls to QueryBlanket, regardless of which authentication service Snego chooses.

For an application to use Snego, both the client and the server must specify Snego. The server specifies Snego in one of the SOLE_AUTHENTICATION_SERVICE structures in the asAuthSvc array parameter to CoInitializeSecurity. The client provides a list of authentication services for Snego to use through the pAuthInfo parameter on IClientSecurity::SetBlanket. If pAuthInfo is NULL, Snego composes a list of security packages installed on the machine. Then Snego sends the list of authentication services to the server, compares the list to the server's available authentication services, and picks an authentication service. For more information about Snego, see CoInitializeSecurity and SetBlanket.
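The server and client steps described above, as an added C++ example that is not part of the original page. All function and struct names are hypothetical; the `!` prefix that excludes a package is the PackageList syntax of `SEC_WINNT_AUTH_IDENTITY_EX`, the caller is assumed to supply the access security descriptor and to keep the `SnegoIdentity` alive while the proxy is in use, and the COM calls are compiled only under `_WIN32`.

```cpp
// Added example; all function and struct names here are hypothetical.
#include <string>
#include <vector>
// Comma-separated package list for Snego; '!' excludes a package ("Kerberos,!ntlm").
std::wstring BuildPackageList(const std::vector<std::wstring>& allow,
                              const std::vector<std::wstring>& deny) {
    std::wstring list;
    for (const auto& p : allow) { if (!list.empty()) list += L','; list += p; }
    for (const auto& p : deny)  { if (!list.empty()) list += L','; list += L'!' + p; }
    return list;
}

#ifdef _WIN32  // the COM calls below exist only on Windows
#define SECURITY_WIN32
#include <windows.h>
#include <objbase.h>
#include <security.h>

// Server: offer Snego in the asAuthSvc array passed to CoInitializeSecurity.
// accessSd is the caller's access-control descriptor (assumed built elsewhere).
HRESULT RegisterSnegoServer(PSECURITY_DESCRIPTOR accessSd) {
    SOLE_AUTHENTICATION_SERVICE svc = {};
    svc.dwAuthnSvc = RPC_C_AUTHN_GSS_NEGOTIATE;  // Snego
    svc.dwAuthzSvc = RPC_C_AUTHZ_NONE;
    svc.pPrincipalName = nullptr;                // current user is assumed
    return CoInitializeSecurity(accessSd, 1, &svc, nullptr,
                                RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_IMP_LEVEL_IDENTIFY,
                                nullptr, EOAC_NONE, nullptr);
}

// Owns the list string and the structure passed as pAuthInfo.
struct SnegoIdentity {
    std::wstring packages;
    SEC_WINNT_AUTH_IDENTITY_EXW id = {};
};

// Client: restrict which packages Snego may negotiate on this proxy.
HRESULT UseSnego(IUnknown* proxy, SnegoIdentity& s) {
    s.id.Version = SEC_WINNT_AUTH_IDENTITY_VERSION;
    s.id.Length = sizeof(s.id);
    s.id.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
    s.id.PackageList = reinterpret_cast<unsigned short*>(&s.packages[0]);
    s.id.PackageListLength = static_cast<unsigned long>(s.packages.size());
    // CoSetProxyBlanket wraps IClientSecurity::SetBlanket.
    return CoSetProxyBlanket(proxy, RPC_C_AUTHN_GSS_NEGOTIATE, RPC_C_AUTHZ_NONE,
                             COLE_DEFAULT_PRINCIPAL, RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
                             RPC_C_IMP_LEVEL_IDENTIFY, &s.id, EOAC_NONE);
}
#endif
```

Set `packages` from `BuildPackageList` before calling `UseSnego`; QueryBlanket still reports Snego whichever package is chosen, as noted above.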