Introduction

Authentication

Authentication, at its core, is the validation of your identity by presenting a combination of three main factors to a validation mechanism. They are:

  1. Something you know (a password, passcode, pin, etc.).

  2. Something you have (an ID Card, security key, or other MFA tools).

  3. Something you are (your physical self, username, email address, or other identifiers).

Linux

ID

Cryptographic Hash Algorithm

$1$

$2a$

$5$

$6$

$sha1$

$y$

$gy$

$7$
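An added example, not part of the original page: a small audit that reads the `$id$` prefix listed above from password fields and reports the scheme in use. It assumes the hashes come from shadow-style `user:hash:...` lines, takes the scheme names from crypt(5), and treats the MD5 and SHA-1 based schemes as legacy; the sample entries are constructed.

```python
# Added example (not from the original page): classify shadow-style password
# fields by their $id$ prefix. Scheme names follow crypt(5).
SCHEMES = {
    "1": "MD5", "2a": "Blowfish (bcrypt)", "5": "SHA-256", "6": "SHA-512",
    "sha1": "SHA1crypt", "y": "Yescrypt", "gy": "Gost-yescrypt", "7": "Scrypt",
}
LEGACY = {"1", "sha1"}  # assumption of this example: these should be rehashed

def classify(field):
    """Return (scheme, finding) for the password field of one entry."""
    if field == "":
        return ("none", "empty password field")
    body = field.lstrip("!")            # a leading '!' marks a locked password
    if body in ("", "*"):
        return ("none", "no usable hash (login disabled)")
    parts = body.split("$")             # '$6$salt$hash' -> ['', '6', 'salt', 'hash']
    if parts[0] != "" or len(parts) < 3 or parts[1] not in SCHEMES:
        return ("unknown", "no recognised $id$ prefix")
    notes = []
    if body != field:
        notes.append("locked")
    if parts[1] in LEGACY:
        notes.append("legacy scheme, rehash")
    if parts[1] in ("5", "6") and parts[2].startswith("rounds="):
        notes.append(parts[2])          # explicit cost parameter, e.g. rounds=100000
    return (SCHEMES[parts[1]], ", ".join(notes) or "ok")

def audit(lines):
    """Map each user name to the classification of its password field."""
    report = {}
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) >= 2 and not fields[0].startswith("#"):
            report[fields[0]] = classify(fields[1])
    return report

# Constructed sample entries; salts and hashes are placeholders, not real digests.
SAMPLE = [
    "root:$y$j9T$SALTSALT$HASHHASH:19000:0:99999:7:::",
    "alice:$6$rounds=100000$SALT$HASH:19000:0:99999:7:::",
    "bob:$1$SALT$HASH:15000:0:99999:7:::",
    "carol:!$5$SALT$HASH:19000:0:99999:7:::",
    "daemon:*:18000:0:99999:7:::",
    "legacy:ab12CDefGhIjk:14000:0:99999:7:::",
]

if __name__ == "__main__":
    for user, (scheme, finding) in audit(SAMPLE).items():
        print(f"{user:8} {scheme:18} {finding}")
```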

Windows Authentication Process Diagram

LSASS

The Local Security Authority Subsystem Service (LSASS) is a collection of many modules and has access to all authentication processes. It can be found in %SystemRoot%\System32\Lsass.exe.

Authentication Packages

  • Lsasrv.dll: The LSA Server service both enforces security policies and acts as the security package manager for the LSA. The LSA contains the Negotiate function, which selects either the NTLM or Kerberos protocol after determining which protocol will be successful.

  • Msv1_0.dll: Authentication package for local machine logons that don't require custom authentication.

  • Samsrv.dll: The Security Accounts Manager (SAM) stores local security accounts, enforces locally stored policies, and supports APIs.

  • Kerberos.dll: Security package loaded by the LSA for Kerberos-based authentication on a machine.

  • Netlogon.dll: Network-based logon service.

  • Ntdsa.dll: This library is used to create new records and folders in the Windows registry.

SAM Database

The Security Account Manager (SAM) is a database file in Windows operating systems that stores users' passwords. It can be used to authenticate local and remote users.

This file is located in %SystemRoot%\system32\config\SAM and is mounted on HKLM\SAM. SYSTEM-level permissions are required to view it.

The Domain Controller (DC) must validate the credentials from the Active Directory database (ntds.dit), which is stored in %SystemRoot%\ntds.dit.

Credential Manager

PS C:\Users\[Username]\AppData\Local\Microsoft\[Vault/Credentials]\

NTDS

  • User accounts (username & password hash)

  • Group accounts

  • Computer accounts

  • Group policy objects
