Here is an article that shows how to hook up multiple authentication service providers to a single SharePoint Site Collection using Alternate access mappings.
This is ideal for Extranet scenarios where you want the External users to be registered in a SQL server (and so not clutter up your AD) but you still want to be able to have internal users access it using NTLM Authentication.
Note that anything other than an AD membership provider will result in a degraded user experience (You will only be able to display user information captured in your membership provider, and you will lose some of the "Online Aware" user features)
==================================================
MOSS 2007 – http://technet2.microsoft.com/Office/en-us/library/40117fda-70a0-4e3d-8cd3-0def768da16c1033.mspx?mfr=true
==================================================
Using different authentication methods to access a site
You can configure Web applications in Windows SharePoint Services 3.0 to be accessed by up to five different authentication methods or identity management systems. The following figure illustrates a partner application that is configured to be accessed by users from two different identity management systems. Internal employees are authenticated by using one of the standard Windows authentication methods. Employees of the partner company are authenticated against their own company’s identity management system.
To configure a Web application to be accessed by two or more different authentication systems, you must configure additional zones for the Web application. Zones represent different logical paths of gaining access to the same physical application. With a typical partner application, employees of a partner company access the application through the Internet, while internal employees access the application directly through the intranet.
To create a new zone, extend the Web application. On the Extend Web Application to Another IIS Web Site page, in the Load Balanced URL section, specify the URL and zone type. The zone type is simply a category name applied to the zone and does not affect the configuration of the zone.
After extending the Web application, you can configure a separate authentication method for the new zone. The following figure shows the Authentication Providers page for a Web application that is configured by using two different zones. The default zone is the zone used by internal employees. The Internet zone is configured for partner access and uses ASP.NET forms to authenticate partner employees against the partner identity management system.
SharePoint Blog 