One Day Sec

What is the difference in packet structure between user enumeration and password verification in Kerberos pre-authentication?

User enumeration sends a simple AS-REQ without padata, while password verification includes a padata section containing an encrypted timestamp (PA-ENC-TIMESTAMP). The padata-value is computed by encrypting the current time with the user's key, which is derived from the plaintext password or NTLM hash. This added field is what allows the password's validity to be confirmed.
Tags: AS-REQ, padata, PA-ENC-TIMESTAMP, packet structure, password verification
