PreAuthType
Insertion Strings
Pre-Authentication Type
0 |
- Logon without Pre-Authentication. |
2 |
PA-ENC-TIMESTAMP This is a normal type for standard password authentication. |
11 |
PA-ETYPE-INFO The ETYPE-INFO pre-authentication type is sent by the KDC in a KRB-ERROR indicating a requirement for additional pre-authentication. It is usually used to notify a client of which key to use for the encryption of an encrypted timestamp for the purposes of sending a PA-ENC-TIMESTAMP pre-authentication value. Never saw this Pre-Authentication Type in Microsoft Active Directory environment. |
15 |
PA-PK-AS-REP_OLD Used for Smart Card logon authentication. |
17 |
PA-PK-AS-REP This type should also be used for Smart Card authentication, but in certain Active Directory environments, it is never seen. |
19 |
PA-ETYPE-INFO2 The ETYPE-INFO2 pre-authentication type is sent by the KDC in a KRB-ERROR indicating a requirement for additional pre-authentication. It is usually used to notify a client of which key to use for the encryption of an encrypted timestamp for the purposes of sending a PA-ENC-TIMESTAMP pre-authentication value. Never saw this Pre-Authentication Type in Microsoft Active Directory environment. |
20 |
PA-SVR-REFERRAL-INFO Used in KDC Referrals tickets. |
138 |
PA-ENCRYPTED-CHALLENGE Logon using Kerberos Armoring (FAST). Supported starting from Windows Server 2012 domain controllers and Windows 8 clients. |