Quite a few programs now offer the ability to automatically log in to the program using your Windows credentials so that you do not have to enter a separate username and password for the application.
I had assumed that the way this works is simply that the program looks at your Windows username and just bases its security on that - it does not actually need to know your Windows password at all as it knows that if you are logged on to the PC with that username then you have already had to enter the Windows password to get logged in to the PC (unless the user has just left the PC unlocked and walked off of course...).

However someone mentioned a piece of software called VisualSVN to me today (something I'm sure a lot of you are familiar with) and I just noticed on their website it says this about the Integrated Windows Auth mode that their software can use:
"Unlike Basic authentication, Integrated Windows Authentication (formerly known as NTLM authentication) does not prompt users for a username and password. The current Windows user information on the client computer is supplied through a cryptographic exchange involving hashing with the VisualSVN Server. Either NTLM or Kerberos V5 authentication protocols can be used."
Now I don't understand how it can actually do this NTLM/Kerberos authentication without having to ask the user for their password initially, store the user's password somewhere locally, transmit it to the server each time the user logs in to the program and then fail to login every time the user changes their password and prompt them for it again...

So basically I'm just wondering how people implement this functionality in their apps if anyone here has ever done it. I'm thinking that the description from the VisualSVN site is just marketing bumf and it doesn't actually work like that but perhaps there is something I'm not thinking of that could make this work smoothly and not just rely on the user's username on its own to prove their identity.

Cheers
Chris
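
The "cryptographic exchange involving hashing" quoted above, sketched as an added example that is not part of the original post and is not VisualSVN's or Windows' code: the OS logon session keeps a key derived from the password at logon and uses it to answer a server challenge, so the application never prompts for, stores or sends the password. Assumptions: SHA-256 stands in for NTLM's MD4 and HMAC-MD5, the message layout is reduced to the essentials, and `LogonSession`, `Verifier`, `derive_key` and `compute_proof` are hypothetical names.

```python
import hashlib
import hmac
import os

def derive_key(password: str) -> bytes:
    # Stand-in for the NT hash; real NTLM derives it with MD4, not SHA-256.
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def compute_proof(key, user, domain, server_challenge, client_challenge):
    # Same shape as NTLMv2: bind the key to the identity, then MAC both challenges.
    ident = hmac.new(key, (user.upper() + domain).encode("utf-16-le"), hashlib.sha256).digest()
    return hmac.new(ident, server_challenge + client_challenge, hashlib.sha256).digest()

class LogonSession:
    """Client OS side: created once at Windows logon, then reused by applications."""
    def __init__(self, user, domain, password):
        self.user, self.domain = user, domain
        self._key = derive_key(password)  # only the derived key is kept

    def respond(self, server_challenge):
        client_challenge = os.urandom(8)
        proof = compute_proof(self._key, self.user, self.domain, server_challenge, client_challenge)
        return {"user": self.user, "domain": self.domain,
                "client_challenge": client_challenge, "proof": proof}

class Verifier:
    """Server or domain controller side: holds each account's derived key, not the password."""
    def __init__(self, accounts):
        self.accounts, self._pending = accounts, None

    def challenge(self):
        self._pending = os.urandom(8)  # fresh random value per attempt
        return self._pending

    def verify(self, msg):
        challenge, self._pending = self._pending, None  # a challenge is single-use
        key = self.accounts.get((msg["domain"], msg["user"].upper()))
        if challenge is None or key is None:
            return False
        expected = compute_proof(key, msg["user"], msg["domain"], challenge, msg["client_challenge"])
        return hmac.compare_digest(expected, msg["proof"])

if __name__ == "__main__":
    accounts = {("CORP", "CHRIS"): derive_key("constructed-password")}  # constructed sample
    server, session = Verifier(accounts), LogonSession("chris", "CORP", "constructed-password")
    print("login ok:", server.verify(session.respond(server.challenge())))
```

The derived key is itself a credential, which is why it stays inside the OS logon session and is not handed to the application.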