Logon documentation

cjobes

Does anybody have a good link to a document that describes the sequence of
events (packets/protocol etc) when a domain user logs on to an XP box within
a W2K AD domain?

Thanks,

Claus
 
The link below may help and explains the Kerberos process used, which would
be the default authentication method. --- Steve

http://www.windowsitlibrary.com/Content/617/06/3.html


Single-domain logon

A single-domain logon occurs when the following takes place:

a. Alice is logging on from a machine that is a member of the domain
where Alice's account has been defined (this is a local logon).
b. Alice accesses a resource located on a machine that is a member of
Alice's logon domain (this is network logon).

Local logon

Figure 16 and the following list show what happens during a local logon in a
single-domain environment:

1. Alice presses <CTRL><ALT><DEL> and chooses to log on to the domain.
2. The client software acting on behalf of Alice tries to locate a KDC
service for the domain; this is done by querying DNS. The Kerberos package
will retry up to three times to contact a KDC. It initially waits ten
seconds for a reply and will wait an additional ten seconds on each retry.
In most cases a KDC is already known; the discovery of a DC is also part of
the secure channel setup that occurs before any local logon.
3. Once the DC is found, Alice sends a Kerberos authentication request to
the DC. This request authenticates Alice to the DC and contains a TGT
request (KRB_AS_REQ).
4. The Authentication Service authenticates Alice, generates a TGT, and
sends it back to the client (KRB_AS_REP).
5. The local machine where Alice logged on is, as with any other domain
resource, a resource for which Alice needs a ticket. Alice sends a ticket
request to the DC using her TGT (together with an authenticator)
(KRB_TGS_REQ).
6. The TGS of the DC checks the TGT and the authenticator, generates a
ticket for the local machine, and sends it back to Alice (KRB_TGS_REP).
7. On Alice's machine, the ticket is presented to the Local Security
Authority, which will create an access token for Alice. From then on, any
process acting on behalf of Alice can access the local machine's resources.
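
The exchange in steps 3 to 6 above, as an added example that is not part of the original post or the linked article: it walks a list of captured Kerberos messages between a client and a KDC and reports which expected message never arrived. The message-type numbers are those of RFC 4120; `trace_logon`, the addresses and the sample captures are hypothetical and constructed for illustration.

```python
from collections import namedtuple

# Kerberos V5 message-type numbers as defined in RFC 4120.
MSG_NAMES = {10: "KRB_AS_REQ", 11: "KRB_AS_REP",
             12: "KRB_TGS_REQ", 13: "KRB_TGS_REP", 30: "KRB_ERROR"}
EXPECTED = [10, 11, 12, 13]   # order of steps 3-6 of the local logon
REQUESTS = {10, 12}           # sent by the client; the others come from the KDC

Pkt = namedtuple("Pkt", "t src dst msg_type")

def trace_logon(packets, client, kdc):
    """Report how far the AS/TGS exchange got between client and KDC."""
    step = retransmits = kdc_errors = 0
    for p in sorted(packets, key=lambda p: p.t):
        if {p.src, p.dst} != {client, kdc}:
            continue                      # traffic between other hosts
        from_client = p.src == client
        if p.msg_type == 30 and not from_client:
            kdc_errors += 1               # e.g. pre-authentication required
            continue
        if step < len(EXPECTED):
            want = EXPECTED[step]
            if p.msg_type == want and from_client == (want in REQUESTS):
                step, retransmits = step + 1, 0
                continue
        # Client repeated the request it is still waiting to have answered.
        if 0 < step < len(EXPECTED) and from_client \
                and p.msg_type == EXPECTED[step - 1] and p.msg_type in REQUESTS:
            retransmits += 1
    return {
        "completed": [MSG_NAMES[m] for m in EXPECTED[:step]],
        "stalled_at": MSG_NAMES[EXPECTED[step]] if step < len(EXPECTED) else None,
        "retransmits": retransmits,
        "kdc_errors": kdc_errors,
    }

# Constructed sample captures (addresses and timestamps are made up).
CLIENT, KDC = "10.1.0.20", "10.0.0.5"
GOOD = [Pkt(0.00, CLIENT, KDC, 10), Pkt(0.05, KDC, CLIENT, 11),
        Pkt(0.10, CLIENT, KDC, 12), Pkt(0.15, KDC, CLIENT, 13)]
# AS request leaves the client three times; no reply ever comes back.
NO_REPLY = [Pkt(0, CLIENT, KDC, 10), Pkt(10, CLIENT, KDC, 10),
            Pkt(30, CLIENT, KDC, 10)]

if __name__ == "__main__":
    for name, capture in (("good", GOOD), ("no reply", NO_REPLY)):
        print(name, trace_logon(capture, CLIENT, KDC))
```

An empty `completed` list means the client never sent KRB_AS_REQ, which points back at the KDC lookup in step 2; running the same check on a capture taken at the KDC side shows whether a missing message was lost on the request or the reply leg.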
 
Thanks for the answer. This helps partly. We need to troubleshoot some
connection problems with hardware VPNs and what I was after is what
protocols/ports are used. We suspect that ICMP doesn't get through but it
would be much easier for us if we would know what is sent in the first place
so we can troubleshoot.

The remote users can connect to the Exchange server and mapped drives at HQ
but logins for any other user than the one that normally works on the desktop
take a long time. We have also noticed that GPs are not updated.

Does anybody have a link for this kind of info?

Thanks,

Claus
 