Good articles and Source code:
https://learn.microsoft.com/en-us/windows/win32/secauthn/sample-sspi-code - Microsoft Source code.
https://learn.microsoft.com/en-us/windows/win32/secauthn/authentication-functions - All authentication standard functions.
https://blog.xpnsec.com/exploring-mimikatz-part-2/ - walks into depth on how to rev and found out the raw RPC call to addSecurityPackage.
The software implementation of a security protocol. Security packages are contained in security support provider DLLs or security support provider/authentication package DLLs.
A specification that defines security-related data objects and rules about how the objects are used to maintain security on a computer system.
A DLL that encapsulates the authentication logic used to determine whether to permit a user to log on. LSA authenticates a user logon by sending the request to an authentication package. The authentication package then examines the logon information and either authenticates or rejects the user logon attempt.
Users can use LsaLogonUsers() or LsaCallAuthenticationPackage() to pass the logon information to the authentication package
Example :
(SSPI) A common interface between transport-level applications, such as Microsoft Remote Procedure Call (RPC), and security providers, such as Windows Distributed Security. SSPI allows a transport application to call one of several security providers to obtain an authenticated connection. These calls do not require extensive knowledge of the security protocol's details.
(SSP) A dynamic-link library (DLL) that implements the SSPI by making one or more security packages available to applications. The default security provider is loaded to LSA on startup. Each security package provides mappings between an application's SSPI function calls and an actual security model's functions. Security packages support security protocols such as Kerberos authentication and the Microsoft LAN Manager.
Example of Providers: