HostedDB - Dedicated UNIX Servers
nt-part2_15 Analysis of the Security of  Windows NT 1 March 1999 15 SAM (Security Accounts Manager) is responsible for managing  information about accounts for users and usergroups either locally or domain wide depending on its role. It also provides support for the authentication package, see section 5.3. The secure accounts are stored as subobject in a database in the registry. This database is accessed and managed only by SAM. Table 2 shows some of the information stored in the subobjects [43]. The hash function used to store the passwords is MD4. 3.5  Objects In NT, both software and hardware resources are represented by objects, e.g. files, semaphores, timers, threads, processes, and memory. In fact, there are two kinds of objects [3]: Microkernel objects which are created by the microkernel and are exported to the rest of the executive.     Executive objects which are visible in user mode. Most executive objects encapsu- late (contain) one or more microkernel objects. 3.5.1  Microkernel objects Microkernel objects, sometimes simply called kernel objects, are the most primitive set of objects implemented by the kernel and are not user-visible. They provide fundamen- tal capabilities, that can only be accomplished by the kernel, which resides at the low- est layer of the OS. There are two types of kernel objects [43]: Dispatcher objects control scheduling and synchronization.  Mutant,  Event and Event Pair,  Semaphore,  Timer,  Thread,  Process, and  Queue form the set of dis- patcher objects in NT. These dispatcher objects have a  signalled state, allowing threads to suspend their own execution while waiting for the signalled state to change. Control objects are passive objects used for executive and device driver control. These are not waitable, and therefore, they do not have a signal state. Control objects include: Interrupts, Device queues, Profiles, Asynchronous Procedure Calls (APCs), and Deferred Procedure Calls (DPCs). 3.5.2  Executive Objects The executive provides a number of objects for the servers, e.g. Win32, and WinL- ogon. These objects, which are listed in Table 3, are called executive objects. They should not be confused with the objects provided to application programs through the Win32 API, the POSIX API, or the OS/2 API. In some cases, servers directly supply executive objects to their client applications. In addition, a server can construct a new type of object, for the clients, based on one or more of the primitive ones. Processes, threads and access tokens are further described in section 5, because these are key com- ponents in the security system.