Client Authentication added to wrong flag

[funnybananas]

--clientauth should add the "Client Authentication" Application Policy to mspki-certificate-application-policy not to the pKIExtendedKeyUsage property. Only adding it to pKIExtendedKeyUsage still does not allow for Domain user impersonation.

#14

[andretorresbr]

I confirm this. When trying to Pass-the-Cert using Rubeus, I receive this error:

Maybe both mspki-certificate-application-policy and pKIExtendedKeyUsage should be changed.

Regards.