Authentication Protocols
So far, we have discussed how passwords are stored on Windows. Perhaps even more important is how they are used. Passwords are authenticators—they are used to authenticate a user to a computer. If the user is logging on interactively to a local account, the flow is quite simple:
User uses the Secure Attention Sequence (SAS, also known as the "three-finger salute," or just Ctrl+Alt+Delete) to bring up the log-on dialog box. This causes the Local Security Authority Sub-System (LSASS) to spawn a new session and load WinLogon in that session. WinLogon in turn loads the LogonUI.
User types in the user name and password.
The WinLogon process takes the password, hashes it to an NT hash, looks up the user name in the local SAM, and ...
Get Windows Server® 2008 Security Resource Kit now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.