Edit defaults page in documentation

[krb5.git] / doc / api / errors.tex

\subsection{error_table krb5}

% $Source$
% $Author$

The Kerberos v5 library error code table follows.
Protocol error codes are ERROR_TABLE_BASE_krb5 + the protocol error
code number.  Other error codes start at ERROR_TABLE_BASE_krb5 + 128.

\begin{small}
\begin{tabular}{ll}
{\sc krb5kdc_err_none }&         No error \\
{\sc krb5kdc_err_name_exp }& Client's entry in database has expired \\
{\sc krb5kdc_err_service_exp }& Server's entry in database has expired \\
{\sc krb5kdc_err_bad_pvno }& Requested protocol version not supported \\        
{\sc krb5kdc_err_c_old_mast_kvno }& \parbox[t]{2in}{Client's key is encrypted in an old master key} \\
{\sc krb5kdc_err_s_old_mast_kvno }& \parbox[t]{2in}{Server's key is encrypted in an old master key} \\
{\sc krb5kdc_err_c_principal_unknown }&  Client not found in Kerberos database \\
{\sc krb5kdc_err_s_principal_unknown }&  Server not found in Kerberos database \\
{\sc krb5kdc_err_principal_not_unique }&\parbox[t]{2in}{\raggedright{Principal has multiple entries in Kerberos database}} \\
{\sc krb5kdc_err_null_key }& Client or server has a null key \\
{\sc krb5kdc_err_cannot_postdate }& Ticket is ineligible for postdating \\
{\sc krb5kdc_err_never_valid }& \parbox[t]{2in}{Requested effective lifetime is negative or too short} \\
{\sc krb5kdc_err_policy }&       KDC policy rejects request \\
{\sc krb5kdc_err_badoption }& KDC can't fulfill requested option \\
{\sc krb5kdc_err_etype_nosupp }& KDC has no support for encryption type \\
{\sc krb5kdc_err_sumtype_nosupp }& KDC has no support for checksum type \\
{\sc krb5kdc_err_padata_type_nosupp }&  KDC has no support for padata type \\
{\sc krb5kdc_err_trtype_nosupp }& KDC has no support for transited type \\
{\sc krb5kdc_err_client_revoked }& Clients credentials have been revoked \\
{\sc krb5kdc_err_service_revoked }& Credentials for server have been revoked \\
{\sc krb5kdc_err_tgt_revoked }& TGT has been revoked \\
{\sc krb5kdc_err_client_notyet }& Client not yet valid - try again later \\
{\sc krb5kdc_err_service_notyet }& Server not yet valid - try again later \\
{\sc krb5kdc_err_key_exp }&      Password has expired \\
{\sc krb5kdc_preauth_failed }&           Preauthentication failed \\
{\sc krb5kdc_err_preauth_require }&     Additional pre-authentication required \\
{\sc krb5kdc_err_server_nomatch }&      Requested server and ticket don't match \\
\multicolumn{2}{c}{error codes 27-30 are currently placeholders}\\

\end{tabular}

\begin{tabular}{ll}
{\sc krb5krb_ap_err_bad_integrity }&  Decrypt integrity check failed \\
{\sc krb5krb_ap_err_tkt_expired }& Ticket expired \\
{\sc krb5krb_ap_err_tkt_nyv }& Ticket not yet valid \\
{\sc krb5krb_ap_err_repeat }& Request is a replay \\
{\sc krb5krb_ap_err_not_us }& The ticket isn't for us \\
{\sc krb5krb_ap_err_badmatch }& Ticket/authenticator don't match \\
{\sc krb5krb_ap_err_skew }& Clock skew too great \\
{\sc krb5krb_ap_err_badaddr }& Incorrect net address \\
{\sc krb5krb_ap_err_badversion }& Protocol version mismatch \\
{\sc krb5krb_ap_err_msg_type }& Invalid message type \\
{\sc krb5krb_ap_err_modified }& Message stream modified \\
{\sc krb5krb_ap_err_badorder }& Message out of order \\
{\sc krb5placehold_43 }&         KRB5 error code 43 \\
{\sc krb5krb_ap_err_badkeyver }& Key version is not available \\
{\sc krb5krb_ap_err_nokey }& Service key not available \\
{\sc krb5krb_ap_err_mut_fail }& Mutual authentication failed \\
{\sc krb5krb_ap_err_baddirection }& Incorrect message direction \\
{\sc krb5krb_ap_err_method }& Alternative authentication method required \\
{\sc krb5krb_ap_err_badseq }& Incorrect sequence number in message \\
{\sc krb5krb_ap_err_inapp_cksum }& Inappropriate type of checksum in message \\ 
\multicolumn{2}{c}{error codes 51-59 are currently placeholders} \\

{\sc krb5krb_err_generic }& Generic error (see e-text) \\
{\sc krb5krb_err_field_toolong }& Field is too long for this implementation \\
\multicolumn{2}{c}{error codes 62-127 are currently placeholders} \\
\end{tabular}

\begin{tabular}{ll}
{\sc krb5_libos_badlockflag }& Invalid flag for file lock mode \\
{\sc krb5_libos_cantreadpwd }& Cannot read password \\
{\sc krb5_libos_badpwdmatch }& Password mismatch \\
{\sc krb5_libos_pwdintr }&       Password read interrupted \\
{\sc krb5_parse_illchar }&       Illegal character in component name \\
{\sc krb5_parse_malformed }& Malformed representation of principal \\
{\sc krb5_config_cantopen }& Can't open/find configuration file \\
{\sc krb5_config_badformat }& Improper format of configuration file \\
{\sc krb5_config_notenufspace }& Insufficient space to return complete information \\
{\sc krb5_badmsgtype }&  Invalid message type specified for encoding \\
{\sc krb5_cc_badname }&  Credential cache name malformed \\
{\sc krb5_cc_unknown_type }& Unknown credential cache type  \\
{\sc krb5_cc_notfound }&         Matching credential not found \\
{\sc krb5_cc_end }&              End of credential cache reached \\
{\sc krb5_no_tkt_supplied }& Request did not supply a ticket \\
{\sc krb5krb_ap_wrong_princ }&   Wrong principal in request \\
{\sc krb5krb_ap_err_tkt_invalid }& Ticket has invalid flag set \\
{\sc krb5_princ_nomatch }&       Requested principal and ticket don't match \\
{\sc krb5_kdcrep_modified }& KDC reply did not match expectations \\
{\sc krb5_kdcrep_skew }&        Clock skew too great in KDC reply \\
{\sc krb5_in_tkt_realm_mismatch }&\parbox[t]{2.5 in}{Client/server realm
mismatch in initial ticket requst}\\

{\sc krb5_prog_etype_nosupp }& Program lacks support for encryption type \\
{\sc krb5_prog_keytype_nosupp }& Program lacks support for key type \\
{\sc krb5_wrong_etype }&         Requested encryption type not used in message \\
{\sc krb5_prog_sumtype_nosupp }& Program lacks support for checksum type \\
{\sc krb5_realm_unknown }&       Cannot find KDC for requested realm \\
{\sc krb5_service_unknown }&    Kerberos service unknown \\
{\sc krb5_kdc_unreach }&         Cannot contact any KDC for requested realm \\
{\sc krb5_no_localname }&        No local name found for principal name \\

%\multicolumn{1}{c}{some of these should be combined/supplanted by system codes} \\
\end{tabular}

\begin{tabular}{ll}
{\sc krb5_rc_type_exists }&      Replay cache type is already registered \\
{\sc krb5_rc_malloc }&   No more memory to allocate (in replay cache code) \\
{\sc krb5_rc_type_notfound }& Replay cache type is unknown \\
{\sc krb5_rc_unknown }&  Generic unknown RC error \\
{\sc krb5_rc_replay }&   Message is a replay \\
{\sc krb5_rc_io }&               Replay I/O operation failed XXX \\
{\sc krb5_rc_noio }&     \parbox[t]{3in}{Replay cache type does not support non-volatile storage} \\
{\sc krb5_rc_parse }& Replay cache name parse/format error \\
{\sc krb5_rc_io_eof }&   End-of-file on replay cache I/O \\
{\sc krb5_rc_io_malloc }& \parbox[t]{3in}{No more memory to allocate (in replay cache I/O code)}\\
{\sc krb5_rc_io_perm }&  Permission denied in replay cache code \\
{\sc krb5_rc_io_io }&    I/O error in replay cache i/o code \\
{\sc krb5_rc_io_unknown }&       Generic unknown RC/IO error \\
{\sc krb5_rc_io_space }& Insufficient system space to store replay information \\
{\sc krb5_trans_cantopen }&      Can't open/find realm translation file \\
{\sc krb5_trans_badformat }& Improper format of realm translation file \\
{\sc krb5_lname_cantopen }&      Can't open/find lname translation database \\
{\sc krb5_lname_notrans }&       No translation available for requested principal \\
{\sc krb5_lname_badformat }& Improper format of translation database entry \\
{\sc krb5_crypto_internal }& Cryptosystem internal error \\
{\sc krb5_kt_badname }&  Key table name malformed \\
{\sc krb5_kt_unknown_type }& Unknown Key table type  \\
{\sc krb5_kt_notfound }&         Key table entry not found \\
{\sc krb5_kt_end }&              End of key table reached \\
{\sc krb5_kt_nowrite }&  Cannot write to specified key table \\
{\sc krb5_kt_ioerr }&    Error writing to key table \\
{\sc krb5_no_tkt_in_rlm }&       Cannot find ticket for requested realm \\
{\sc krb5des_bad_keypar }&       DES key has bad parity \\
{\sc krb5des_weak_key }&         DES key is a weak key \\
{\sc krb5_bad_keytype }&         Keytype is incompatible with encryption type \\
{\sc krb5_bad_keysize }&         Key size is incompatible with encryption type \\
{\sc krb5_bad_msize }&   Message size is incompatible with encryption type \\
{\sc krb5_cc_type_exists }&      Credentials cache type is already registered. \\
{\sc krb5_kt_type_exists }&      Key table type is already registered. \\
{\sc krb5_cc_io }&               Credentials cache I/O operation failed XXX \\
{\sc krb5_fcc_perm }&    Credentials cache file permissions incorrect \\
{\sc krb5_fcc_nofile }&  No credentials cache file found \\
{\sc krb5_fcc_internal }&        Internal file credentials cache error \\
{\sc krb5_cc_nomem }& \parbox[t]{3in}{No more memory to allocate (in credentials cache code)}\\ 
\end{tabular}

\begin{tabular}{ll}
\multicolumn{2}{c}{errors for dual TGT library calls} \\

{\sc krb5_invalid_flags }& Invalid KDC option combination (library internal error) \\
{\sc krb5_no_2nd_tkt }&  Request missing second ticket \\
{\sc krb5_nocreds_supplied }& No credentials supplied to library routine \\

\end{tabular}

\begin{tabular}{ll}
\multicolumn{2}{c}{errors for sendauth and recvauth} \\

{\sc krb5_sendauth_badauthvers }& Bad sendauth version was sent \\
{\sc krb5_sendauth_badapplvers }& Bad application version was sent (via sendauth) \\
{\sc krb5_sendauth_badresponse }& Bad response (during sendauth exchange) \\
{\sc krb5_sendauth_rejected }& Server rejected authentication\\
& \ (during sendauth exchange) \\
{\sc krb5_sendauth_mutual_failed }& Mutual authentication failed\\&\ (during sendauth exchange) \\

\end{tabular}

\begin{tabular}{ll}
\multicolumn{2}{c}{errors for preauthentication} \\

{\sc krb5_preauth_bad_type }& Unsupported preauthentication type \\
{\sc krb5_preauth_no_key }&      Required preauthentication key not supplied \\
{\sc krb5_preauth_failed }&      Generic preauthentication failure \\

\end{tabular}

\begin{tabular}{ll}
\multicolumn{2}{c}{version number errors} \\

{\sc krb5_rcache_badvno }& Unsupported replay cache format version number \\
{\sc krb5_ccache_badvno }& Unsupported credentials cache format version number \\
{\sc krb5_keytab_badvno }& Unsupported key table format version number \\

\end{tabular}

\begin{tabular}{ll}
\multicolumn{2}{c}{other errors} \\ 

{\sc krb5_prog_atype_nosupp }& Program lacks support for address type \\
{\sc krb5_rc_required }& Message replay detection requires\\&\  rcache parameter \\
{\sc krb5_err_bad_hostname }& Hostname cannot be canonicalized \\
{\sc krb5_err_host_realm_unknown }& Cannot determine realm for host \\
{\sc krb5_sname_unsupp_nametype }& Conversion to service principal undefined\\&\ for name type \\
{\sc krb5krb_ap_err_v4_reply }& Initial Ticket Response appears to be\\
&\ Version 4 error \\
{\sc krb5_realm_cant_resolve }& Cannot resolve KDC for requested realm \\
{\sc krb5_tkt_not_forwardable }& Requesting ticket can't get forwardable tickets \\
\end{tabular}
\end{small}

\subsection{error_table kdb5}

% $Source$
% $Author$

The Kerberos v5 database library error code table

\begin{small}
\begin{tabular}{ll}
\multicolumn{2}{c}{From the server side routines} \\
{\sc krb5_kdb_inuse }&  Entry already exists in database\\
{\sc krb5_kdb_uk_serror }&      Database store error\\
{\sc krb5_kdb_uk_rerror }&      Database read error\\
{\sc krb5_kdb_unauth }& Insufficient access to perform requested operation\\
{\sc krb5_kdb_noentry }&        No such entry in the database\\
{\sc krb5_kdb_ill_wildcard }& Illegal use of wildcard\\
{\sc krb5_kdb_db_inuse }&       Database is locked or in use--try again later\\
{\sc krb5_kdb_db_changed }&     Database was modified during read\\
{\sc krb5_kdb_truncated_record }&       Database record is incomplete or corrupted\\
{\sc krb5_kdb_recursivelock }&  Attempt to lock database twice\\
{\sc krb5_kdb_notlocked }&              Attempt to unlock database when not locked\\
{\sc krb5_kdb_badlockmode }&    Invalid kdb lock mode\\
{\sc krb5_kdb_dbnotinited }&    Database has not been initialized\\
{\sc krb5_kdb_dbinited }&               Database has already been initialized\\
{\sc krb5_kdb_illdirection }&   Bad direction for converting keys\\
{\sc krb5_kdb_nomasterkey }&    Cannot find master key record in database\\
{\sc krb5_kdb_badmasterkey }&   Master key does not match database\\
{\sc krb5_kdb_invalidkeysize }& Key size in database is invalid\\
{\sc krb5_kdb_cantread_stored }&        Cannot find/read stored master key\\
{\sc krb5_kdb_badstored_mkey }& Stored master key is corrupted\\
{\sc krb5_kdb_cantlock_db }&    Insufficient access to lock database \\
{\sc krb5_kdb_db_corrupt }&             Database format error\\
{\sc krb5_kdb_bad_version }&    Unsupported version in database entry \\
\end{tabular}
\end{small}

% $Source$
% $Author$

\subsection{error_table kv5m}

The Kerberos v5 magic numbers errorcode table follows. These are used
for the magic numbers found in data structures.

\begin{small}
\begin{tabular}{ll} 
{\sc kv5m_none }&               Kerberos V5 magic number table \\
{\sc kv5m_principal }&  Bad magic number for krb5_principal structure \\
{\sc kv5m_data }&               Bad magic number for krb5_data structure \\
{\sc kv5m_keyblock }&   Bad magic number for krb5_keyblock structure \\
{\sc kv5m_checksum }&   Bad magic number for krb5_checksum structure \\
{\sc kv5m_encrypt_block }&      Bad magic number for krb5_encrypt_block structure \\
{\sc kv5m_enc_data }&   Bad magic number for krb5_enc_data structure \\
{\sc kv5m_cryptosystem_entry }& Bad magic number for krb5_cryptosystem_entry\\&\ structure \\
{\sc kv5m_cs_table_entry }&     Bad magic number for krb5_cs_table_entry structure \\
{\sc kv5m_checksum_entry }&     Bad magic number for krb5_checksum_entry structure \\

{\sc kv5m_authdata }&   Bad magic number for krb5_authdata structure \\
{\sc kv5m_transited }&  Bad magic number for krb5_transited structure \\
{\sc kv5m_enc_tkt_parT }&       Bad magic number for krb5_enc_tkt_part structure \\
{\sc kv5m_ticket }&             Bad magic number for krb5_ticket structure \\
{\sc kv5m_authenticator }&      Bad magic number for krb5_authenticator structure \\
{\sc kv5m_tkt_authent }&        Bad magic number for krb5_tkt_authent structure \\
{\sc kv5m_creds }&              Bad magic number for krb5_creds structure \\
{\sc kv5m_last_req_entry }&     Bad magic number for krb5_last_req_entry structure \\
{\sc kv5m_pa_data }&            Bad magic number for krb5_pa_data structure \\
{\sc kv5m_kdc_req }&            Bad magic number for krb5_kdc_req structure \\
{\sc kv5m_enc_kdc_rep_part }& Bad magic number for krb5_enc_kdc_rep_part structure \\
{\sc kv5m_kdc_rep }&            Bad magic number for krb5_kdc_rep structure \\
{\sc kv5m_error }&              Bad magic number for krb5_error structure \\
{\sc kv5m_ap_req }&             Bad magic number for krb5_ap_req structure \\
{\sc kv5m_ap_rep }&             Bad magic number for krb5_ap_rep structure \\
{\sc kv5m_ap_rep_enc_part }&    Bad magic number for krb5_ap_rep_enc_part structure \\
{\sc kv5m_response }&   Bad magic number for krb5_response structure \\
{\sc kv5m_safe }&               Bad magic number for krb5_safe structure \\
{\sc kv5m_priv }&               Bad magic number for krb5_priv structure \\
{\sc kv5m_priv_enc_part }&      Bad magic number for krb5_priv_enc_part structure \\
{\sc kv5m_cred }&               Bad magic number for krb5_cred structure \\
{\sc kv5m_cred_info }&  Bad magic number for krb5_cred_info structure \\
{\sc kv5m_cred_enc_part }&      Bad magic number for krb5_cred_enc_part structure \\
{\sc kv5m_pwd_data }&   Bad magic number for krb5_pwd_data structure \\
{\sc kv5m_address }&    Bad magic number for krb5_address structure \\
{\sc kv5m_keytab_entry }&       Bad magic number for krb5_keytab_entry structure \\
{\sc kv5m_context }&    Bad magic number for krb5_context structure \\
{\sc kv5m_os_context }& Bad magic number for krb5_os_context structure \\

\end{tabular}
\end{small}

\subsection{error_table asn1}

The Kerberos v5/ASN.1 error table mappings

\begin{small}
\begin{tabular}{ll}
{\sc asn1_bad_timeformat }&     ASN.1 failed call to system time library \\
{\sc asn1_missing_field }&      ASN.1 structure is missing a required field \\
{\sc asn1_misplaced_field }&    ASN.1 unexpected field number \\
{\sc asn1_type_mismatch }&      ASN.1 type numbers are inconsistent \\
{\sc asn1_overflow }&   ASN.1 value too large \\
{\sc asn1_overrun }&    ASN.1 encoding ended unexpectedly \\
{\sc asn1_bad_id }&     ASN.1 identifier doesn't match expected value \\
{\sc asn1_bad_length }& ASN.1 length doesn't match expected value \\
{\sc asn1_bad_format }& ASN.1 badly-formatted encoding \\
{\sc asn1_parse_error }&        ASN.1 parse error \\
\end{tabular}
\end{small}