1 \subsection{error_table krb5}
6 The Kerberos v5 library error code table follows.
7 Protocol error codes are ERROR_TABLE_BASE_krb5 + the protocol error
8 code number. Other error codes start at ERROR_TABLE_BASE_krb5 + 128.
12 {\sc krb5kdc_err_none }& No error \\
13 {\sc krb5kdc_err_name_exp }& Client's entry in database has expired \\
14 {\sc krb5kdc_err_service_exp }& Server's entry in database has expired \\
15 {\sc krb5kdc_err_bad_pvno }& Requested protocol version not supported \\
16 {\sc krb5kdc_err_c_old_mast_kvno }& \parbox[t]{2in}{Client's key is encrypted in an old master key} \\
17 {\sc krb5kdc_err_s_old_mast_kvno }& \parbox[t]{2in}{Server's key is encrypted in an old master key} \\
18 {\sc krb5kdc_err_c_principal_unknown }& Client not found in Kerberos database \\
19 {\sc krb5kdc_err_s_principal_unknown }& Server not found in Kerberos database \\
20 {\sc krb5kdc_err_principal_not_unique }&\parbox[t]{2in}{\raggedright{Principal has multiple entries in Kerberos database}} \\
21 {\sc krb5kdc_err_null_key }& Client or server has a null key \\
22 {\sc krb5kdc_err_cannot_postdate }& Ticket is ineligible for postdating \\
23 {\sc krb5kdc_err_never_valid }& \parbox[t]{2in}{Requested effective lifetime is negative or too short} \\
24 {\sc krb5kdc_err_policy }& KDC policy rejects request \\
25 {\sc krb5kdc_err_badoption }& KDC can't fulfill requested option \\
26 {\sc krb5kdc_err_etype_nosupp }& KDC has no support for encryption type \\
27 {\sc krb5kdc_err_sumtype_nosupp }& KDC has no support for checksum type \\
28 {\sc krb5kdc_err_padata_type_nosupp }& KDC has no support for padata type \\
29 {\sc krb5kdc_err_trtype_nosupp }& KDC has no support for transited type \\
30 {\sc krb5kdc_err_client_revoked }& Clients credentials have been revoked \\
31 {\sc krb5kdc_err_service_revoked }& Credentials for server have been revoked \\
32 {\sc krb5kdc_err_tgt_revoked }& TGT has been revoked \\
33 {\sc krb5kdc_err_client_notyet }& Client not yet valid - try again later \\
34 {\sc krb5kdc_err_service_notyet }& Server not yet valid - try again later \\
35 {\sc krb5kdc_err_key_exp }& Password has expired \\
36 {\sc krb5kdc_preauth_failed }& Preauthentication failed \\
37 {\sc krb5kdc_err_preauth_require }& Additional pre-authentication required \\
38 {\sc krb5kdc_err_server_nomatch }& Requested server and ticket don't match \\
39 \multicolumn{2}{c}{error codes 27-30 are currently placeholders}\\
44 {\sc krb5krb_ap_err_bad_integrity }& Decrypt integrity check failed \\
45 {\sc krb5krb_ap_err_tkt_expired }& Ticket expired \\
46 {\sc krb5krb_ap_err_tkt_nyv }& Ticket not yet valid \\
47 {\sc krb5krb_ap_err_repeat }& Request is a replay \\
48 {\sc krb5krb_ap_err_not_us }& The ticket isn't for us \\
49 {\sc krb5krb_ap_err_badmatch }& Ticket/authenticator don't match \\
50 {\sc krb5krb_ap_err_skew }& Clock skew too great \\
51 {\sc krb5krb_ap_err_badaddr }& Incorrect net address \\
52 {\sc krb5krb_ap_err_badversion }& Protocol version mismatch \\
53 {\sc krb5krb_ap_err_msg_type }& Invalid message type \\
54 {\sc krb5krb_ap_err_modified }& Message stream modified \\
55 {\sc krb5krb_ap_err_badorder }& Message out of order \\
56 {\sc krb5placehold_43 }& KRB5 error code 43 \\
57 {\sc krb5krb_ap_err_badkeyver }& Key version is not available \\
58 {\sc krb5krb_ap_err_nokey }& Service key not available \\
59 {\sc krb5krb_ap_err_mut_fail }& Mutual authentication failed \\
60 {\sc krb5krb_ap_err_baddirection }& Incorrect message direction \\
61 {\sc krb5krb_ap_err_method }& Alternative authentication method required \\
62 {\sc krb5krb_ap_err_badseq }& Incorrect sequence number in message \\
63 {\sc krb5krb_ap_err_inapp_cksum }& Inappropriate type of checksum in message \\
64 \multicolumn{2}{c}{error codes 51-59 are currently placeholders} \\
66 {\sc krb5krb_err_generic }& Generic error (see e-text) \\
67 {\sc krb5krb_err_field_toolong }& Field is too long for this implementation \\
68 \multicolumn{2}{c}{error codes 62-127 are currently placeholders} \\
72 {\sc krb5_libos_badlockflag }& Invalid flag for file lock mode \\
73 {\sc krb5_libos_cantreadpwd }& Cannot read password \\
74 {\sc krb5_libos_badpwdmatch }& Password mismatch \\
75 {\sc krb5_libos_pwdintr }& Password read interrupted \\
76 {\sc krb5_parse_illchar }& Illegal character in component name \\
77 {\sc krb5_parse_malformed }& Malformed representation of principal \\
78 {\sc krb5_config_cantopen }& Can't open/find configuration file \\
79 {\sc krb5_config_badformat }& Improper format of configuration file \\
80 {\sc krb5_config_notenufspace }& Insufficient space to return complete information \\
81 {\sc krb5_badmsgtype }& Invalid message type specified for encoding \\
82 {\sc krb5_cc_badname }& Credential cache name malformed \\
83 {\sc krb5_cc_unknown_type }& Unknown credential cache type \\
84 {\sc krb5_cc_notfound }& Matching credential not found \\
85 {\sc krb5_cc_end }& End of credential cache reached \\
86 {\sc krb5_no_tkt_supplied }& Request did not supply a ticket \\
87 {\sc krb5krb_ap_wrong_princ }& Wrong principal in request \\
88 {\sc krb5krb_ap_err_tkt_invalid }& Ticket has invalid flag set \\
89 {\sc krb5_princ_nomatch }& Requested principal and ticket don't match \\
90 {\sc krb5_kdcrep_modified }& KDC reply did not match expectations \\
91 {\sc krb5_kdcrep_skew }& Clock skew too great in KDC reply \\
92 {\sc krb5_in_tkt_realm_mismatch }&\parbox[t]{2.5 in}{Client/server realm
93 mismatch in initial ticket requst}\\
95 {\sc krb5_prog_etype_nosupp }& Program lacks support for encryption type \\
96 {\sc krb5_prog_keytype_nosupp }& Program lacks support for key type \\
97 {\sc krb5_wrong_etype }& Requested encryption type not used in message \\
98 {\sc krb5_prog_sumtype_nosupp }& Program lacks support for checksum type \\
99 {\sc krb5_realm_unknown }& Cannot find KDC for requested realm \\
100 {\sc krb5_service_unknown }& Kerberos service unknown \\
101 {\sc krb5_kdc_unreach }& Cannot contact any KDC for requested realm \\
102 {\sc krb5_no_localname }& No local name found for principal name \\
104 %\multicolumn{1}{c}{some of these should be combined/supplanted by system codes} \\
108 {\sc krb5_rc_type_exists }& Replay cache type is already registered \\
109 {\sc krb5_rc_malloc }& No more memory to allocate (in replay cache code) \\
110 {\sc krb5_rc_type_notfound }& Replay cache type is unknown \\
111 {\sc krb5_rc_unknown }& Generic unknown RC error \\
112 {\sc krb5_rc_replay }& Message is a replay \\
113 {\sc krb5_rc_io }& Replay I/O operation failed XXX \\
114 {\sc krb5_rc_noio }& \parbox[t]{3in}{Replay cache type does not support non-volatile storage} \\
115 {\sc krb5_rc_parse }& Replay cache name parse/format error \\
116 {\sc krb5_rc_io_eof }& End-of-file on replay cache I/O \\
117 {\sc krb5_rc_io_malloc }& \parbox[t]{3in}{No more memory to allocate (in replay cache I/O code)}\\
118 {\sc krb5_rc_io_perm }& Permission denied in replay cache code \\
119 {\sc krb5_rc_io_io }& I/O error in replay cache i/o code \\
120 {\sc krb5_rc_io_unknown }& Generic unknown RC/IO error \\
121 {\sc krb5_rc_io_space }& Insufficient system space to store replay information \\
122 {\sc krb5_trans_cantopen }& Can't open/find realm translation file \\
123 {\sc krb5_trans_badformat }& Improper format of realm translation file \\
124 {\sc krb5_lname_cantopen }& Can't open/find lname translation database \\
125 {\sc krb5_lname_notrans }& No translation available for requested principal \\
126 {\sc krb5_lname_badformat }& Improper format of translation database entry \\
127 {\sc krb5_crypto_internal }& Cryptosystem internal error \\
128 {\sc krb5_kt_badname }& Key table name malformed \\
129 {\sc krb5_kt_unknown_type }& Unknown Key table type \\
130 {\sc krb5_kt_notfound }& Key table entry not found \\
131 {\sc krb5_kt_end }& End of key table reached \\
132 {\sc krb5_kt_nowrite }& Cannot write to specified key table \\
133 {\sc krb5_kt_ioerr }& Error writing to key table \\
134 {\sc krb5_no_tkt_in_rlm }& Cannot find ticket for requested realm \\
135 {\sc krb5des_bad_keypar }& DES key has bad parity \\
136 {\sc krb5des_weak_key }& DES key is a weak key \\
137 {\sc krb5_bad_keytype }& Keytype is incompatible with encryption type \\
138 {\sc krb5_bad_keysize }& Key size is incompatible with encryption type \\
139 {\sc krb5_bad_msize }& Message size is incompatible with encryption type \\
140 {\sc krb5_cc_type_exists }& Credentials cache type is already registered. \\
141 {\sc krb5_kt_type_exists }& Key table type is already registered. \\
142 {\sc krb5_cc_io }& Credentials cache I/O operation failed XXX \\
143 {\sc krb5_fcc_perm }& Credentials cache file permissions incorrect \\
144 {\sc krb5_fcc_nofile }& No credentials cache file found \\
145 {\sc krb5_fcc_internal }& Internal file credentials cache error \\
146 {\sc krb5_cc_nomem }& \parbox[t]{3in}{No more memory to allocate (in credentials cache code)}\\
150 \multicolumn{2}{c}{errors for dual TGT library calls} \\
152 {\sc krb5_invalid_flags }& Invalid KDC option combination (library internal error) \\
153 {\sc krb5_no_2nd_tkt }& Request missing second ticket \\
154 {\sc krb5_nocreds_supplied }& No credentials supplied to library routine \\
159 \multicolumn{2}{c}{errors for sendauth and recvauth} \\
161 {\sc krb5_sendauth_badauthvers }& Bad sendauth version was sent \\
162 {\sc krb5_sendauth_badapplvers }& Bad application version was sent (via sendauth) \\
163 {\sc krb5_sendauth_badresponse }& Bad response (during sendauth exchange) \\
164 {\sc krb5_sendauth_rejected }& Server rejected authentication\\
165 & \ (during sendauth exchange) \\
166 {\sc krb5_sendauth_mutual_failed }& Mutual authentication failed\\&\ (during sendauth exchange) \\
171 \multicolumn{2}{c}{errors for preauthentication} \\
173 {\sc krb5_preauth_bad_type }& Unsupported preauthentication type \\
174 {\sc krb5_preauth_no_key }& Required preauthentication key not supplied \\
175 {\sc krb5_preauth_failed }& Generic preauthentication failure \\
180 \multicolumn{2}{c}{version number errors} \\
182 {\sc krb5_rcache_badvno }& Unsupported replay cache format version number \\
183 {\sc krb5_ccache_badvno }& Unsupported credentials cache format version number \\
184 {\sc krb5_keytab_badvno }& Unsupported key table format version number \\
189 \multicolumn{2}{c}{other errors} \\
191 {\sc krb5_prog_atype_nosupp }& Program lacks support for address type \\
192 {\sc krb5_rc_required }& Message replay detection requires\\&\ rcache parameter \\
193 {\sc krb5_err_bad_hostname }& Hostname cannot be canonicalized \\
194 {\sc krb5_err_host_realm_unknown }& Cannot determine realm for host \\
195 {\sc krb5_sname_unsupp_nametype }& Conversion to service principal undefined\\&\ for name type \\
196 {\sc krb5krb_ap_err_v4_reply }& Initial Ticket Response appears to be\\
197 &\ Version 4 error \\
198 {\sc krb5_realm_cant_resolve }& Cannot resolve KDC for requested realm \\
199 {\sc krb5_tkt_not_forwardable }& Requesting ticket can't get forwardable tickets \\
203 \subsection{error_table kdb5}
208 The Kerberos v5 database library error code table
212 \multicolumn{2}{c}{From the server side routines} \\
213 {\sc krb5_kdb_inuse }& Entry already exists in database\\
214 {\sc krb5_kdb_uk_serror }& Database store error\\
215 {\sc krb5_kdb_uk_rerror }& Database read error\\
216 {\sc krb5_kdb_unauth }& Insufficient access to perform requested operation\\
217 {\sc krb5_kdb_noentry }& No such entry in the database\\
218 {\sc krb5_kdb_ill_wildcard }& Illegal use of wildcard\\
219 {\sc krb5_kdb_db_inuse }& Database is locked or in use--try again later\\
220 {\sc krb5_kdb_db_changed }& Database was modified during read\\
221 {\sc krb5_kdb_truncated_record }& Database record is incomplete or corrupted\\
222 {\sc krb5_kdb_recursivelock }& Attempt to lock database twice\\
223 {\sc krb5_kdb_notlocked }& Attempt to unlock database when not locked\\
224 {\sc krb5_kdb_badlockmode }& Invalid kdb lock mode\\
225 {\sc krb5_kdb_dbnotinited }& Database has not been initialized\\
226 {\sc krb5_kdb_dbinited }& Database has already been initialized\\
227 {\sc krb5_kdb_illdirection }& Bad direction for converting keys\\
228 {\sc krb5_kdb_nomasterkey }& Cannot find master key record in database\\
229 {\sc krb5_kdb_badmasterkey }& Master key does not match database\\
230 {\sc krb5_kdb_invalidkeysize }& Key size in database is invalid\\
231 {\sc krb5_kdb_cantread_stored }& Cannot find/read stored master key\\
232 {\sc krb5_kdb_badstored_mkey }& Stored master key is corrupted\\
233 {\sc krb5_kdb_cantlock_db }& Insufficient access to lock database \\
234 {\sc krb5_kdb_db_corrupt }& Database format error\\
235 {\sc krb5_kdb_bad_version }& Unsupported version in database entry \\
242 \subsection{error_table kv5m}
244 The Kerberos v5 magic numbers errorcode table follows. These are used
245 for the magic numbers found in data structures.
249 {\sc kv5m_none }& Kerberos V5 magic number table \\
250 {\sc kv5m_principal }& Bad magic number for krb5_principal structure \\
251 {\sc kv5m_data }& Bad magic number for krb5_data structure \\
252 {\sc kv5m_keyblock }& Bad magic number for krb5_keyblock structure \\
253 {\sc kv5m_checksum }& Bad magic number for krb5_checksum structure \\
254 {\sc kv5m_encrypt_block }& Bad magic number for krb5_encrypt_block structure \\
255 {\sc kv5m_enc_data }& Bad magic number for krb5_enc_data structure \\
256 {\sc kv5m_cryptosystem_entry }& Bad magic number for krb5_cryptosystem_entry\\&\ structure \\
257 {\sc kv5m_cs_table_entry }& Bad magic number for krb5_cs_table_entry structure \\
258 {\sc kv5m_checksum_entry }& Bad magic number for krb5_checksum_entry structure \\
260 {\sc kv5m_authdata }& Bad magic number for krb5_authdata structure \\
261 {\sc kv5m_transited }& Bad magic number for krb5_transited structure \\
262 {\sc kv5m_enc_tkt_parT }& Bad magic number for krb5_enc_tkt_part structure \\
263 {\sc kv5m_ticket }& Bad magic number for krb5_ticket structure \\
264 {\sc kv5m_authenticator }& Bad magic number for krb5_authenticator structure \\
265 {\sc kv5m_tkt_authent }& Bad magic number for krb5_tkt_authent structure \\
266 {\sc kv5m_creds }& Bad magic number for krb5_creds structure \\
267 {\sc kv5m_last_req_entry }& Bad magic number for krb5_last_req_entry structure \\
268 {\sc kv5m_pa_data }& Bad magic number for krb5_pa_data structure \\
269 {\sc kv5m_kdc_req }& Bad magic number for krb5_kdc_req structure \\
270 {\sc kv5m_enc_kdc_rep_part }& Bad magic number for krb5_enc_kdc_rep_part structure \\
271 {\sc kv5m_kdc_rep }& Bad magic number for krb5_kdc_rep structure \\
272 {\sc kv5m_error }& Bad magic number for krb5_error structure \\
273 {\sc kv5m_ap_req }& Bad magic number for krb5_ap_req structure \\
274 {\sc kv5m_ap_rep }& Bad magic number for krb5_ap_rep structure \\
275 {\sc kv5m_ap_rep_enc_part }& Bad magic number for krb5_ap_rep_enc_part structure \\
276 {\sc kv5m_response }& Bad magic number for krb5_response structure \\
277 {\sc kv5m_safe }& Bad magic number for krb5_safe structure \\
278 {\sc kv5m_priv }& Bad magic number for krb5_priv structure \\
279 {\sc kv5m_priv_enc_part }& Bad magic number for krb5_priv_enc_part structure \\
280 {\sc kv5m_cred }& Bad magic number for krb5_cred structure \\
281 {\sc kv5m_cred_info }& Bad magic number for krb5_cred_info structure \\
282 {\sc kv5m_cred_enc_part }& Bad magic number for krb5_cred_enc_part structure \\
283 {\sc kv5m_pwd_data }& Bad magic number for krb5_pwd_data structure \\
284 {\sc kv5m_address }& Bad magic number for krb5_address structure \\
285 {\sc kv5m_keytab_entry }& Bad magic number for krb5_keytab_entry structure \\
286 {\sc kv5m_context }& Bad magic number for krb5_context structure \\
287 {\sc kv5m_os_context }& Bad magic number for krb5_os_context structure \\
292 \subsection{error_table asn1}
294 The Kerberos v5/ASN.1 error table mappings
298 {\sc asn1_bad_timeformat }& ASN.1 failed call to system time library \\
299 {\sc asn1_missing_field }& ASN.1 structure is missing a required field \\
300 {\sc asn1_misplaced_field }& ASN.1 unexpected field number \\
301 {\sc asn1_type_mismatch }& ASN.1 type numbers are inconsistent \\
302 {\sc asn1_overflow }& ASN.1 value too large \\
303 {\sc asn1_overrun }& ASN.1 encoding ended unexpectedly \\
304 {\sc asn1_bad_id }& ASN.1 identifier doesn't match expected value \\
305 {\sc asn1_bad_length }& ASN.1 length doesn't match expected value \\
306 {\sc asn1_bad_format }& ASN.1 badly-formatted encoding \\
307 {\sc asn1_parse_error }& ASN.1 parse error \\