| Code | Field | Name | Description |
|---|---|---|---|
| 0 | PreAuthType | - | Logon without Pre-Authentication. |
| 2 | PreAuthType | PA-ENC-TIMESTAMP | This is a normal type for standard password authentication. |
| 11 | PreAuthType | PA-ETYPE-INFO | The ETYPE-INFO pre-authentication type is sent by the KDC in a KRB-ERROR indicating a requirement for additional pre-authentication. It is usually used to notify a client of which key to use for the encryption of an encrypted timestamp for the purposes of sending a PA-ENC-TIMESTAMP pre-authentication value. Never saw this Pre-Authentication Type in Microsoft Active Directory environment. |
| 15 | PreAuthType | PA-PK-AS-REP_OLD | Used for Smart Card logon authentication. |
| 17 | PreAuthType | PA-PK-AS-REP | This type should also be used for Smart Card authentication, but in certain Active Directory environments, it is never seen. |
| 19 | PreAuthType | PA-ETYPE-INFO2 | The ETYPE-INFO2 pre-authentication type is sent by the KDC in a KRB-ERROR indicating a requirement for additional pre-authentication. It is usually used to notify a client of which key to use for the encryption of an encrypted timestamp for the purposes of sending a PA-ENC-TIMESTAMP pre-authentication value. Never saw this Pre-Authentication Type in Microsoft Active Directory environment. |
| 20 | PreAuthType | PA-SVR-REFERRAL-INFO | Used in KDC Referrals tickets. |
| 138 | PreAuthType | PA-ENCRYPTED-CHALLENGE | Logon using Kerberos Armoring (FAST). Supported starting from Windows Server 2012 domain controllers and Windows 8 clients. |