Drawing the line between models & libraries?

Question

As my webapps increase in size, so does the complexity. In order to keep my classes & files structured and easy-to-access, I am starting to get more and more confused:

I have some very clearly defined data objects in my application - orders, invoices, products for example. All of those have their own entity object that handles enforcement of values and pure business logic along with a model that handles storage of each object to my persistent storage of choice (database).

Ok - everything clear and separated that far. But what about a logic-heavy object like users?

Users log in and out, change password (with everything that means - hashing, encrypting and so forth) and do a whole lot of interaction both in the database and with Sessions.

Right now, I use an Authentication-class, a library, which carries all of these mentioned actions and a lot more. It does it's job, but It's kind of unclear to me what I should put into a model and what should be a Library?