I am trying to better understand Kerberos Armoring as it relates to authentication.
Is it correct to say that, during the KRB_AS_REQ, the client’s authenticator is encrypted using the logon user’s long-term key as derived from his password, then this entire message is further encrypted using the logon computer’s long-term key? And that this additional encryption is what is conferred by the 'armoring'?
Thanks for the clarification.