Code Field Name Description
0 PreAuthType - Logon without Pre-Authentication.
2 PreAuthType PA-ENC-TIMESTAMP This is a normal type for standard password authentication.
11 PreAuthType PA-ETYPE-INFO The ETYPE-INFO pre-authentication type is sent by the KDC in a KRB-ERROR indicating a requirement for additional pre-authentication. It is usually used to notify a client of which key to use for the encryption of an encrypted timestamp for the purposes of sending a PA-ENC-TIMESTAMP pre-authentication value. Never saw this Pre-Authentication Type in Microsoft Active Directory environment.
15 PreAuthType PA-PK-AS-REP_OLD Used for Smart Card logon authentication.
17 PreAuthType PA-PK-AS-REP This type should also be used for Smart Card authentication, but in certain Active Directory environments, it is never seen.
19 PreAuthType PA-ETYPE-INFO2 The ETYPE-INFO2 pre-authentication type is sent by the KDC in a KRB-ERROR indicating a requirement for additional pre-authentication. It is usually used to notify a client of which key to use for the encryption of an encrypted timestamp for the purposes of sending a PA-ENC-TIMESTAMP pre-authentication value. Never saw this Pre-Authentication Type in Microsoft Active Directory environment.
20 PreAuthType PA-SVR-REFERRAL-INFO Used in KDC Referrals tickets.
138 PreAuthType PA-ENCRYPTED-CHALLENGE Logon using Kerberos Armoring (FAST). Supported starting from Windows Server 2012 domain controllers and Windows 8 clients.