Add support for SPP to authenticate with Kerberos PreAuth against Active Directory (4380257)

For Kerberos-enabled domains, multiple false positive errors are generated during password operations due to Kerberos Pre-Auth 

AD authentications show multiple KDC_ERR_PREAUTH_REQUIRED errors in AD monitoring application logs.  

SPP uses Kerberos to authenticate, by contacting the target asset and then the asset responding with a pre-authentication request, where you may see the KDC_ERR_PREAUTH_REQUIRED errors in event logs.

This is because a KDC replies with either KRB5KDC_ERR_PREAUTH_REQUIRED (users that exist but didn't include preauth data); or KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN (users that do not exist). 

STATUS:

Enhancement Request # 504881 was created for consideration in a future version of SPP subject to successful QA testing and Product Management approval.

WORKAROUND:

These errors can be safely ignored if the source is from SPP as they are expected when Kerberos is used for authentication.