Code Field Name Description
0 PreAuthType - Logon without Pre-Authentication.
2 PreAuthType PA-ENC-TIMESTAMP This is a normal type for standard password authentication.
11 PreAuthType PA-ETYPE-INFO The ETYPE-INFO pre-authentication type is sent by the KDC in a KRB-ERROR indicating a requirement for additional pre-authentication. It is usually used to notify a client of which key to use for the encryption of an encrypted timestamp for the purposes of sending a PA-ENC-TIMESTAMP pre-authentication value. Never saw this Pre-Authentication Type in Microsoft Active Directory environment.
15 PreAuthType PA-PK-AS-REP_OLD Used for Smart Card logon authentication.
17 PreAuthType PA-PK-AS-REP This type should also be used for Smart Card authentication, but in certain Active Directory environments, it is never seen.
19 PreAuthType PA-ETYPE-INFO2 The ETYPE-INFO2 pre-authentication type is sent by the KDC in a KRB-ERROR indicating a requirement for additional pre-authentication. It is usually used to notify a client of which key to use for the encryption of an encrypted timestamp for the purposes of sending a PA-ENC-TIMESTAMP pre-authentication value. Never saw this Pre-Authentication Type in Microsoft Active Directory environment.
20 PreAuthType PA-SVR-REFERRAL-INFO Used in KDC Referrals tickets.
138 PreAuthType PA-ENCRYPTED-CHALLENGE Logon using Kerberos Armoring (FAST). Supported starting from Windows Server 2012 domain controllers and Windows 8 clients.



More Information

Active Directory Access Codes and Rights AttributeSyntaxOID File System Objects Access Rights ImpersonationLevel Integrity Level Labels for Groups and Accounts Internet Protocol Numbers Kerberos Encryption Types Logon Rights LogonType Mandatory / Integrity Label Netlogon Error Codes Object Types PreAuthType Privileges SecurityPackages TGT/TGS Issue Error Codes Well-known Security Identifiers (SIDs) Windows