LSA Mode vs. User Mode
When an SSP/AP security package is functioning as an authentication package, it is loaded into the process space of the Local Security Authority (LSA) and is said to be in LSA mode. Logon applications access authentication package functionality using the LSA Logon Functions. Developers can use LSA support functions available only to LSA-mode security packages to implement more sophisticated authentication packages than previously supported.
When a security package provides security services to a client/server application, it is loaded into the client and server processes and is said to be in user mode. Client/server applications access the security package's security support services using Microsoft Security Support Provider Interface (SSPI).
LSA support for SSP/APs includes functions that the LSA-mode and user-mode instances of a security package can use to communicate. Additionally, the user-mode instance of a security package can delegate selected requests for information to the LSA-mode instance of the package.