!!! Overview
[{$pagename}] is a concept within [Kerberos].


[{$pagename}] is defined in [RFC 6113] and an [IANA Registry] for [Pre-authentication and Typed Data|https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#pre-authentication|target='_blank']


[{$pagename}] is a security feature which offers protection against [password-guessing|Brute-Force] [attacks]. The AS request identifies the client to the [KDC] in [Plaintext]. If [{$pagename}] is enabled, a [Timestamp] will be [encrypted] using the user's [password] [hash] as an [encryption] [key]. If the [KDC] reads a valid time when using the user's password hash, which is available in the [Microsoft Active Directory], to decrypt the [Timestamp], the [KDC] knows that request isn't a replay of a previous request.


Without [{$pagename}] a [malicious] [attacker] can directly send a dummy request for [authentication]. The [KDC] will return an [encrypted] [TGT] and the [attacker] can brute force it offline. 
Upon checking the [KDC] logs, nothing will be seen except a single request for a [TGT]. When [Kerberos] [timestamp] [{$pagename}] is enforced, the [attacker] cannot directly ask the [KDCs] for the encrypted material to [Brute-Force] offline.


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]