{
	"id": "bd07a992-b54a-400a-87fd-fd48cc5df579",
	"created_at": "2026-04-06T00:10:10.420612Z",
	"updated_at": "2026-04-10T13:11:53.127697Z",
	"deleted_at": null,
	"sha1_hash": "c8403c7c291ab7a1ed66376b52045330d21a1822",
	"title": "Authentication Packages - Win32 apps",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47547,
	"plain_text": "Authentication Packages - Win32 apps\r\nBy GrantMeStrength\r\nArchived: 2026-04-05 20:41:35 UTC\r\nAuthentication packages are contained in dynamic-link libraries. The Local Security Authority (LSA) loads\r\nauthentication packages by using configuration information stored in the registry. Loading multiple authentication\r\npackages permits the LSA to support multiple logon processes and multiple security protocols.\r\nLogon processes use authentication packages to analyze logon data. New logon processes are added to a system\r\nby adding a GINA to collect the required logon data and, if needed, by adding a new authentication package to\r\nanalyze the data.\r\nSecurity protocols are implemented by authentication packages. An authentication package analyzes logon data by\r\nfollowing the rules and procedures set forth in a security protocol.\r\nAuthentication packages are responsible for the following tasks:\r\nAnalyzing logon data to determine whether a security principal is allowed to log on to a system.\r\nEstablishing a new logon session and creating a unique logon identifier for the successfully authenticated\r\nprincipal.\r\nPassing security information to the LSA for the principal's security token.\r\nWhen a user attempts an interactive logon, the LSA calls an authentication package to determine whether to\r\npermit the user to log on. MSV1_0, for example, is an authentication package installed with the Microsoft\r\nWindows operating system. The MSV1_0 package accepts a user name and a hashed password. It looks up the\r\nuser name and hashed password combination in the Security Accounts Manager (SAM) database. If the logon data\r\nmatches the stored credentials, the authentication package permits the logon to succeed.\r\nAfter successfully authenticating a security principal's credentials, an authentication package is responsible for\r\ncreating a new LSA logon session for the principal and allocating the logon identifier that uniquely identifies the\r\nlogon session. The authentication package may associate credential information with the logon session for\r\nsubsequent authentication requests. For example, the MSV1_0 authentication package (provided by Microsoft)\r\nassociates the user account name and a hash of the user's password with each logon session.\r\nThe authentication package also provides a set of security identifiers (SIDs) and other information appropriate for\r\ninclusion in the security token created by the LSA. This token will represent the principal's security context for\r\naccess to Windows operations.\r\nAfter a logon session is created and associated with a principal, subsequent authentication requests made on behalf\r\nof the principal are handled differently than the initial logon. The authentication package does not create a new\r\nlogon session nor return information for creating a token. The authentication package can, however, associate\r\nsupplemental credentials obtained during a subsequent authentication with the principal's existing logon session.\r\nhttps://msdn.microsoft.com/library/windows/desktop/aa374733.aspx\r\nPage 1 of 2\n\nSupplemental credentials are obtained when access to a requested resource requires information beyond the\r\ncredentials established by the initial logon. For example, when a logged-on user requests a Novell network logon,\r\na Novell-specific authentication package can be called and Novell-specific credentials can be authenticated and\r\nassociated with the logon session. These credentials can be referenced by a Novell redirector (by way of the\r\nNovell authentication package) when the user accesses the Novell network.\r\nThe following topics discuss the various types of Authentication packages:\r\nWindows Authentication Packages\r\nSecurity Support Provider/Authentication Packages\r\nAuthentication Packages Provided by Microsoft\r\nSubauthentication Packages\r\nSource: https://msdn.microsoft.com/library/windows/desktop/aa374733.aspx\r\nhttps://msdn.microsoft.com/library/windows/desktop/aa374733.aspx\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://msdn.microsoft.com/library/windows/desktop/aa374733.aspx"
	],
	"report_names": [
		"aa374733.aspx"
	],
	"threat_actors": [],
	"ts_created_at": 1775434210,
	"ts_updated_at": 1775826713,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c8403c7c291ab7a1ed66376b52045330d21a1822.pdf",
		"text": "https://archive.orkl.eu/c8403c7c291ab7a1ed66376b52045330d21a1822.txt",
		"img": "https://archive.orkl.eu/c8403c7c291ab7a1ed66376b52045330d21a1822.jpg"
	}
}