Authentication/SAM Search: How?

[Shannon Hembrough]

How is the SAM database searched when a user attempts authentication
onto an NT domain?

The NT Resource Kit (page 86) gives the following steps to the
validation process:
1. User presses ctrl-alt-del
2. User provides username and password and the
logon process calles the Local Security
Authority (LSA)
3. The LSA runs the appropriate authentication
package
4. The authentication package checks the user
accounts database to see if the account is
local. If it is, the username and password
are verified against those held in the user
accounts database.
5. When the account is validated, SAM (which
owns the user-accounts database) returns the
user's security ID and the security ISs of
any global groups to whihch the user belongs
ETC

** In step 3 above, what is "the appropriate authentication package?
** In step 4 above, exactly how is the database checked?
** Does the "appropriate authentication package" go through and look at
every username in the SAM and compare it with the requested username?
** Or is there some type of boolean search done on the database?
** Is the SAM database indexed for any type of searching? How?

I am attempting to design a network which will authenticate over 17,000
users. Knowing how the authentication process works will help me to
better understand how authentication performance will improve (or if it
will at all) with multiple master domains rather than a single master
domain.

Thanks in advance for your help,
Shannon
sha...@bc.edu

[Shannon Hembrough]