\subsection{error_table krb5} % $Source$ % $Author: epeisach $ The Kerberos v5 library error code table follows. Protocol error codes are ERROR_TABLE_BASE_krb5 + the protocol error code number. Other error codes start at ERROR_TABLE_BASE_krb5 + 128. \begin{small} \begin{tabular}{ll} {\sc krb5kdc_err_none }& No error \\ {\sc krb5kdc_err_name_exp }& Client's entry in database has expired \\ {\sc krb5kdc_err_service_exp }& Server's entry in database has expired \\ {\sc krb5kdc_err_bad_pvno }& Requested protocol version not supported \\ {\sc krb5kdc_err_c_old_mast_kvno }& \parbox[t]{2in}{Client's key is encrypted in an old master key} \\ {\sc krb5kdc_err_s_old_mast_kvno }& \parbox[t]{2in}{Server's key is encrypted in an old master key} \\ {\sc krb5kdc_err_c_principal_unknown }& Client not found in Kerberos database \\ {\sc krb5kdc_err_s_principal_unknown }& Server not found in Kerberos database \\ {\sc krb5kdc_err_principal_not_unique }&\parbox[t]{2in}{\raggedright{Principal has multiple entries in Kerberos database}} \\ {\sc krb5kdc_err_null_key }& Client or server has a null key \\ {\sc krb5kdc_err_cannot_postdate }& Ticket is ineligible for postdating \\ {\sc krb5kdc_err_never_valid }& \parbox[t]{2in}{Requested effective lifetime is negative or too short} \\ {\sc krb5kdc_err_policy }& KDC policy rejects request \\ {\sc krb5kdc_err_badoption }& KDC can't fulfill requested option \\ {\sc krb5kdc_err_etype_nosupp }& KDC has no support for encryption type \\ {\sc krb5kdc_err_sumtype_nosupp }& KDC has no support for checksum type \\ {\sc krb5kdc_err_padata_type_nosupp }& KDC has no support for padata type \\ {\sc krb5kdc_err_trtype_nosupp }& KDC has no support for transited type \\ {\sc krb5kdc_err_client_revoked }& Clients credentials have been revoked \\ {\sc krb5kdc_err_service_revoked }& Credentials for server have been revoked \\ {\sc krb5kdc_err_tgt_revoked }& TGT has been revoked \\ {\sc krb5kdc_err_client_notyet }& Client not yet valid - try again later \\ {\sc krb5kdc_err_service_notyet }& Server not yet valid - try again later \\ {\sc krb5kdc_err_key_exp }& Password has expired \\ {\sc krb5kdc_preauth_failed }& Preauthentication failed \\ {\sc krb5kdc_err_preauth_require }& Additional pre-authentication required \\ {\sc krb5kdc_err_server_nomatch }& Requested server and ticket don't match \\ \multicolumn{2}{c}{error codes 27-30 are currently placeholders}\\ \end{tabular} \begin{tabular}{ll} {\sc krb5krb_ap_err_bad_integrity }& Decrypt integrity check failed \\ {\sc krb5krb_ap_err_tkt_expired }& Ticket expired \\ {\sc krb5krb_ap_err_tkt_nyv }& Ticket not yet valid \\ {\sc krb5krb_ap_err_repeat }& Request is a replay \\ {\sc krb5krb_ap_err_not_us }& The ticket isn't for us \\ {\sc krb5krb_ap_err_badmatch }& Ticket/authenticator don't match \\ {\sc krb5krb_ap_err_skew }& Clock skew too great \\ {\sc krb5krb_ap_err_badaddr }& Incorrect net address \\ {\sc krb5krb_ap_err_badversion }& Protocol version mismatch \\ {\sc krb5krb_ap_err_msg_type }& Invalid message type \\ {\sc krb5krb_ap_err_modified }& Message stream modified \\ {\sc krb5krb_ap_err_badorder }& Message out of order \\ {\sc krb5placehold_43 }& KRB5 error code 43 \\ {\sc krb5krb_ap_err_badkeyver }& Key version is not available \\ {\sc krb5krb_ap_err_nokey }& Service key not available \\ {\sc krb5krb_ap_err_mut_fail }& Mutual authentication failed \\ {\sc krb5krb_ap_err_baddirection }& Incorrect message direction \\ {\sc krb5krb_ap_err_method }& Alternative authentication method required \\ {\sc krb5krb_ap_err_badseq }& Incorrect sequence number in message \\ {\sc krb5krb_ap_err_inapp_cksum }& Inappropriate type of checksum in message \\ \multicolumn{2}{c}{error codes 51-59 are currently placeholders} \\ {\sc krb5krb_err_generic }& Generic error (see e-text) \\ {\sc krb5krb_err_field_toolong }& Field is too long for this implementation \\ \multicolumn{2}{c}{error codes 62-127 are currently placeholders} \\ \end{tabular} \begin{tabular}{ll} {\sc krb5_libos_badlockflag }& Invalid flag for file lock mode \\ {\sc krb5_libos_cantreadpwd }& Cannot read password \\ {\sc krb5_libos_badpwdmatch }& Password mismatch \\ {\sc krb5_libos_pwdintr }& Password read interrupted \\ {\sc krb5_parse_illchar }& Illegal character in component name \\ {\sc krb5_parse_malformed }& Malformed representation of principal \\ {\sc krb5_config_cantopen }& Can't open/find configuration file \\ {\sc krb5_config_badformat }& Improper format of configuration file \\ {\sc krb5_config_notenufspace }& Insufficient space to return complete information \\ {\sc krb5_badmsgtype }& Invalid message type specified for encoding \\ {\sc krb5_cc_badname }& Credential cache name malformed \\ {\sc krb5_cc_unknown_type }& Unknown credential cache type \\ {\sc krb5_cc_notfound }& Matching credential not found \\ {\sc krb5_cc_end }& End of credential cache reached \\ {\sc krb5_no_tkt_supplied }& Request did not supply a ticket \\ {\sc krb5krb_ap_wrong_princ }& Wrong principal in request \\ {\sc krb5krb_ap_err_tkt_invalid }& Ticket has invalid flag set \\ {\sc krb5_princ_nomatch }& Requested principal and ticket don't match \\ {\sc krb5_kdcrep_modified }& KDC reply did not match expectations \\ {\sc krb5_kdcrep_skew }& Clock skew too great in KDC reply \\ {\sc krb5_in_tkt_realm_mismatch }&\parbox[t]{2.5 in}{Client/server realm mismatch in initial ticket requst}\\ {\sc krb5_prog_etype_nosupp }& Program lacks support for encryption type \\ {\sc krb5_prog_keytype_nosupp }& Program lacks support for key type \\ {\sc krb5_wrong_etype }& Requested encryption type not used in message \\ {\sc krb5_prog_sumtype_nosupp }& Program lacks support for checksum type \\ {\sc krb5_realm_unknown }& Cannot find KDC for requested realm \\ {\sc krb5_service_unknown }& Kerberos service unknown \\ {\sc krb5_kdc_unreach }& Cannot contact any KDC for requested realm \\ {\sc krb5_no_localname }& No local name found for principal name \\ %\multicolumn{1}{c}{some of these should be combined/supplanted by system codes} \\ \end{tabular} \begin{tabular}{ll} {\sc krb5_rc_type_exists }& Replay cache type is already registered \\ {\sc krb5_rc_malloc }& No more memory to allocate (in replay cache code) \\ {\sc krb5_rc_type_notfound }& Replay cache type is unknown \\ {\sc krb5_rc_unknown }& Generic unknown RC error \\ {\sc krb5_rc_replay }& Message is a replay \\ {\sc krb5_rc_io }& Replay I/O operation failed XXX \\ {\sc krb5_rc_noio }& \parbox[t]{3in}{Replay cache type does not support non-volatile storage} \\ {\sc krb5_rc_parse }& Replay cache name parse/format error \\ {\sc krb5_rc_io_eof }& End-of-file on replay cache I/O \\ {\sc krb5_rc_io_malloc }& \parbox[t]{3in}{No more memory to allocate (in replay cache I/O code)}\\ {\sc krb5_rc_io_perm }& Permission denied in replay cache code \\ {\sc krb5_rc_io_io }& I/O error in replay cache i/o code \\ {\sc krb5_rc_io_unknown }& Generic unknown RC/IO error \\ {\sc krb5_rc_io_space }& Insufficient system space to store replay information \\ {\sc krb5_trans_cantopen }& Can't open/find realm translation file \\ {\sc krb5_trans_badformat }& Improper format of realm translation file \\ {\sc krb5_lname_cantopen }& Can't open/find lname translation database \\ {\sc krb5_lname_notrans }& No translation available for requested principal \\ {\sc krb5_lname_badformat }& Improper format of translation database entry \\ {\sc krb5_crypto_internal }& Cryptosystem internal error \\ {\sc krb5_kt_badname }& Key table name malformed \\ {\sc krb5_kt_unknown_type }& Unknown Key table type \\ {\sc krb5_kt_notfound }& Key table entry not found \\ {\sc krb5_kt_end }& End of key table reached \\ {\sc krb5_kt_nowrite }& Cannot write to specified key table \\ {\sc krb5_kt_ioerr }& Error writing to key table \\ {\sc krb5_no_tkt_in_rlm }& Cannot find ticket for requested realm \\ {\sc krb5des_bad_keypar }& DES key has bad parity \\ {\sc krb5des_weak_key }& DES key is a weak key \\ {\sc krb5_bad_keytype }& Keytype is incompatible with encryption type \\ {\sc krb5_bad_keysize }& Key size is incompatible with encryption type \\ {\sc krb5_bad_msize }& Message size is incompatible with encryption type \\ {\sc krb5_cc_type_exists }& Credentials cache type is already registered. \\ {\sc krb5_kt_type_exists }& Key table type is already registered. \\ {\sc krb5_cc_io }& Credentials cache I/O operation failed XXX \\ {\sc krb5_fcc_perm }& Credentials cache file permissions incorrect \\ {\sc krb5_fcc_nofile }& No credentials cache file found \\ {\sc krb5_fcc_internal }& Internal file credentials cache error \\ {\sc krb5_cc_nomem }& \parbox[t]{3in}{No more memory to allocate (in credentials cache code)}\\ \end{tabular} \begin{tabular}{ll} \multicolumn{2}{c}{errors for dual TGT library calls} \\ {\sc krb5_invalid_flags }& Invalid KDC option combination (library internal error) \\ {\sc krb5_no_2nd_tkt }& Request missing second ticket \\ {\sc krb5_nocreds_supplied }& No credentials supplied to library routine \\ \end{tabular} \begin{tabular}{ll} \multicolumn{2}{c}{errors for sendauth and recvauth} \\ {\sc krb5_sendauth_badauthvers }& Bad sendauth version was sent \\ {\sc krb5_sendauth_badapplvers }& Bad application version was sent (via sendauth) \\ {\sc krb5_sendauth_badresponse }& Bad response (during sendauth exchange) \\ {\sc krb5_sendauth_rejected }& Server rejected authentication\\ & \ (during sendauth exchange) \\ {\sc krb5_sendauth_mutual_failed }& Mutual authentication failed\\&\ (during sendauth exchange) \\ \end{tabular} \begin{tabular}{ll} \multicolumn{2}{c}{errors for preauthentication} \\ {\sc krb5_preauth_bad_type }& Unsupported preauthentication type \\ {\sc krb5_preauth_no_key }& Required preauthentication key not supplied \\ {\sc krb5_preauth_failed }& Generic preauthentication failure \\ \end{tabular} \begin{tabular}{ll} \multicolumn{2}{c}{version number errors} \\ {\sc krb5_rcache_badvno }& Unsupported replay cache format version number \\ {\sc krb5_ccache_badvno }& Unsupported credentials cache format version number \\ {\sc krb5_keytab_badvno }& Unsupported key table format version number \\ \end{tabular} \begin{tabular}{ll} \multicolumn{2}{c}{other errors} \\ {\sc krb5_prog_atype_nosupp }& Program lacks support for address type \\ {\sc krb5_rc_required }& Message replay detection requires\\&\ rcache parameter \\ {\sc krb5_err_bad_hostname }& Hostname cannot be canonicalized \\ {\sc krb5_err_host_realm_unknown }& Cannot determine realm for host \\ {\sc krb5_sname_unsupp_nametype }& Conversion to service principal undefined\\&\ for name type \\ {\sc krb5krb_ap_err_v4_reply }& Initial Ticket Response appears to be\\ &\ Version 4 error \\ {\sc krb5_realm_cant_resolve }& Cannot resolve KDC for requested realm \\ {\sc krb5_tkt_not_forwardable }& Requesting ticket can't get forwardable tickets \\ \end{tabular} \end{small} \subsection{error_table kdb5} % $Source$ % $Author: epeisach $ The Kerberos v5 database library error code table \begin{small} \begin{tabular}{ll} \multicolumn{2}{c}{From the server side routines} \\ {\sc krb5_kdb_inuse }& Entry already exists in database\\ {\sc krb5_kdb_uk_serror }& Database store error\\ {\sc krb5_kdb_uk_rerror }& Database read error\\ {\sc krb5_kdb_unauth }& Insufficient access to perform requested operation\\ {\sc krb5_kdb_noentry }& No such entry in the database\\ {\sc krb5_kdb_ill_wildcard }& Illegal use of wildcard\\ {\sc krb5_kdb_db_inuse }& Database is locked or in use--try again later\\ {\sc krb5_kdb_db_changed }& Database was modified during read\\ {\sc krb5_kdb_truncated_record }& Database record is incomplete or corrupted\\ {\sc krb5_kdb_recursivelock }& Attempt to lock database twice\\ {\sc krb5_kdb_notlocked }& Attempt to unlock database when not locked\\ {\sc krb5_kdb_badlockmode }& Invalid kdb lock mode\\ {\sc krb5_kdb_dbnotinited }& Database has not been initialized\\ {\sc krb5_kdb_dbinited }& Database has already been initialized\\ {\sc krb5_kdb_illdirection }& Bad direction for converting keys\\ {\sc krb5_kdb_nomasterkey }& Cannot find master key record in database\\ {\sc krb5_kdb_badmasterkey }& Master key does not match database\\ {\sc krb5_kdb_invalidkeysize }& Key size in database is invalid\\ {\sc krb5_kdb_cantread_stored }& Cannot find/read stored master key\\ {\sc krb5_kdb_badstored_mkey }& Stored master key is corrupted\\ {\sc krb5_kdb_cantlock_db }& Insufficient access to lock database \\ {\sc krb5_kdb_db_corrupt }& Database format error\\ {\sc krb5_kdb_bad_version }& Unsupported version in database entry \\ \end{tabular} \end{small} % $Source$ % $Author: epeisach $ \subsection{error_table kv5m} The Kerberos v5 magic numbers errorcode table follows. These are used for the magic numbers found in data structures. \begin{small} \begin{tabular}{ll} {\sc kv5m_none }& Kerberos V5 magic number table \\ {\sc kv5m_principal }& Bad magic number for krb5_principal structure \\ {\sc kv5m_data }& Bad magic number for krb5_data structure \\ {\sc kv5m_keyblock }& Bad magic number for krb5_keyblock structure \\ {\sc kv5m_checksum }& Bad magic number for krb5_checksum structure \\ {\sc kv5m_encrypt_block }& Bad magic number for krb5_encrypt_block structure \\ {\sc kv5m_enc_data }& Bad magic number for krb5_enc_data structure \\ {\sc kv5m_cryptosystem_entry }& Bad magic number for krb5_cryptosystem_entry\\&\ structure \\ {\sc kv5m_cs_table_entry }& Bad magic number for krb5_cs_table_entry structure \\ {\sc kv5m_checksum_entry }& Bad magic number for krb5_checksum_entry structure \\ {\sc kv5m_authdata }& Bad magic number for krb5_authdata structure \\ {\sc kv5m_transited }& Bad magic number for krb5_transited structure \\ {\sc kv5m_enc_tkt_parT }& Bad magic number for krb5_enc_tkt_part structure \\ {\sc kv5m_ticket }& Bad magic number for krb5_ticket structure \\ {\sc kv5m_authenticator }& Bad magic number for krb5_authenticator structure \\ {\sc kv5m_tkt_authent }& Bad magic number for krb5_tkt_authent structure \\ {\sc kv5m_creds }& Bad magic number for krb5_creds structure \\ {\sc kv5m_last_req_entry }& Bad magic number for krb5_last_req_entry structure \\ {\sc kv5m_pa_data }& Bad magic number for krb5_pa_data structure \\ {\sc kv5m_kdc_req }& Bad magic number for krb5_kdc_req structure \\ {\sc kv5m_enc_kdc_rep_part }& Bad magic number for krb5_enc_kdc_rep_part structure \\ {\sc kv5m_kdc_rep }& Bad magic number for krb5_kdc_rep structure \\ {\sc kv5m_error }& Bad magic number for krb5_error structure \\ {\sc kv5m_ap_req }& Bad magic number for krb5_ap_req structure \\ {\sc kv5m_ap_rep }& Bad magic number for krb5_ap_rep structure \\ {\sc kv5m_ap_rep_enc_part }& Bad magic number for krb5_ap_rep_enc_part structure \\ {\sc kv5m_response }& Bad magic number for krb5_response structure \\ {\sc kv5m_safe }& Bad magic number for krb5_safe structure \\ {\sc kv5m_priv }& Bad magic number for krb5_priv structure \\ {\sc kv5m_priv_enc_part }& Bad magic number for krb5_priv_enc_part structure \\ {\sc kv5m_cred }& Bad magic number for krb5_cred structure \\ {\sc kv5m_cred_info }& Bad magic number for krb5_cred_info structure \\ {\sc kv5m_cred_enc_part }& Bad magic number for krb5_cred_enc_part structure \\ {\sc kv5m_pwd_data }& Bad magic number for krb5_pwd_data structure \\ {\sc kv5m_address }& Bad magic number for krb5_address structure \\ {\sc kv5m_keytab_entry }& Bad magic number for krb5_keytab_entry structure \\ {\sc kv5m_context }& Bad magic number for krb5_context structure \\ {\sc kv5m_os_context }& Bad magic number for krb5_os_context structure \\ \end{tabular} \end{small} \subsection{error_table asn1} The Kerberos v5/ASN.1 error table mappings \begin{small} \begin{tabular}{ll} {\sc asn1_bad_timeformat }& ASN.1 failed call to system time library \\ {\sc asn1_missing_field }& ASN.1 structure is missing a required field \\ {\sc asn1_misplaced_field }& ASN.1 unexpected field number \\ {\sc asn1_type_mismatch }& ASN.1 type numbers are inconsistent \\ {\sc asn1_overflow }& ASN.1 value too large \\ {\sc asn1_overrun }& ASN.1 encoding ended unexpectedly \\ {\sc asn1_bad_id }& ASN.1 identifier doesn't match expected value \\ {\sc asn1_bad_length }& ASN.1 length doesn't match expected value \\ {\sc asn1_bad_format }& ASN.1 badly-formatted encoding \\ {\sc asn1_parse_error }& ASN.1 parse error \\ \end{tabular} \end{small}