1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
|
#
# Error messages for the krb5 library
#
# This might look like a com_err file, but is not
#
id "$Id$"
error_table krb5
prefix KRB5KDC_ERR
error_code NONE, "No error"
error_code NAME_EXP, "Client's entry in database has expired"
error_code SERVICE_EXP, "Server's entry in database has expired"
error_code BAD_PVNO, "Requested protocol version not supported"
error_code C_OLD_MAST_KVNO, "Client's key is encrypted in an old master key"
error_code S_OLD_MAST_KVNO, "Server's key is encrypted in an old master key"
error_code C_PRINCIPAL_UNKNOWN, "Client not found in Kerberos database"
error_code S_PRINCIPAL_UNKNOWN, "Server not found in Kerberos database"
error_code PRINCIPAL_NOT_UNIQUE,"Principal has multiple entries in Kerberos database"
error_code NULL_KEY, "Client or server has a null key"
error_code CANNOT_POSTDATE, "Ticket is ineligible for postdating"
error_code NEVER_VALID, "Requested effective lifetime is negative or too short"
error_code POLICY, "KDC policy rejects request"
error_code BADOPTION, "KDC can't fulfill requested option"
error_code ETYPE_NOSUPP, "KDC has no support for encryption type"
error_code SUMTYPE_NOSUPP, "KDC has no support for checksum type"
error_code PADATA_TYPE_NOSUPP, "KDC has no support for padata type"
error_code TRTYPE_NOSUPP, "KDC has no support for transited type"
error_code CLIENT_REVOKED, "Clients credentials have been revoked"
error_code SERVICE_REVOKED, "Credentials for server have been revoked"
error_code TGT_REVOKED, "TGT has been revoked"
error_code CLIENT_NOTYET, "Client not yet valid - try again later"
error_code SERVICE_NOTYET, "Server not yet valid - try again later"
error_code KEY_EXPIRED, "Password has expired"
error_code PREAUTH_FAILED, "Preauthentication failed"
error_code PREAUTH_REQUIRED, "Additional pre-authentication required"
error_code SERVER_NOMATCH, "Requested server and ticket don't match"
error_code KDC_ERR_MUST_USE_USER2USER, "Server principal valid for user2user only"
error_code PATH_NOT_ACCEPTED, "KDC Policy rejects transited path"
error_code SVC_UNAVAILABLE, "A service is not available"
index 31
prefix KRB5KRB_AP
error_code ERR_BAD_INTEGRITY, "Decrypt integrity check failed"
error_code ERR_TKT_EXPIRED, "Ticket expired"
error_code ERR_TKT_NYV, "Ticket not yet valid"
error_code ERR_REPEAT, "Request is a replay"
error_code ERR_NOT_US, "The ticket isn't for us"
error_code ERR_BADMATCH, "Ticket/authenticator don't match"
error_code ERR_SKEW, "Clock skew too great"
error_code ERR_BADADDR, "Incorrect net address"
error_code ERR_BADVERSION, "Protocol version mismatch"
error_code ERR_MSG_TYPE, "Invalid message type"
error_code ERR_MODIFIED, "Message stream modified"
error_code ERR_BADORDER, "Message out of order"
error_code ERR_ILL_CR_TKT, "Invalid cross-realm ticket"
error_code ERR_BADKEYVER, "Key version is not available"
error_code ERR_NOKEY, "Service key not available"
error_code ERR_MUT_FAIL, "Mutual authentication failed"
error_code ERR_BADDIRECTION, "Incorrect message direction"
error_code ERR_METHOD, "Alternative authentication method required"
error_code ERR_BADSEQ, "Incorrect sequence number in message"
error_code ERR_INAPP_CKSUM, "Inappropriate type of checksum in message"
error_code PATH_NOT_ACCEPTED, "Policy rejects transited path"
prefix KRB5KRB_ERR
error_code RESPONSE_TOO_BIG, "Response too big for UDP, retry with TCP"
# 53-59 are reserved
index 60
error_code GENERIC, "Generic error (see e-text)"
error_code FIELD_TOOLONG, "Field is too long for this implementation"
# pkinit
index 62
prefix KRB5_KDC_ERR
error_code CLIENT_NOT_TRUSTED, "Client not trusted"
error_code KDC_NOT_TRUSTED, "KDC not trusted"
error_code INVALID_SIG, "Invalid signature"
error_code DH_KEY_PARAMETERS_NOT_ACCEPTED, "DH parameters not accepted"
index 68
prefix KRB5_KDC_ERR
error_code WRONG_REALM, "Wrong realm"
index 69
prefix KRB5_AP_ERR
error_code USER_TO_USER_REQUIRED, "User to user required"
index 70
prefix KRB5_KDC_ERR
error_code CANT_VERIFY_CERTIFICATE, "Cannot verify certificate"
error_code INVALID_CERTIFICATE, "Certificate invalid"
error_code REVOKED_CERTIFICATE, "Certificate revoked"
error_code REVOCATION_STATUS_UNKNOWN, "Revocation status unknown"
error_code REVOCATION_STATUS_UNAVAILABLE, "Revocation status unavaible"
error_code CLIENT_NAME_MISMATCH, "Client name mismatch in certificate"
error_code INCONSISTENT_KEY_PURPOSE, "Inconsistent key purpose"
error_code DIGEST_IN_CERT_NOT_ACCEPTED, "Digest in certificate not accepted"
error_code PA_CHECKSUM_MUST_BE_INCLUDED, "paChecksum must be included"
error_code DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED, "Digest in signedData not accepted"
error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not supported"
## these are never used
#index 80
#prefix KRB5_IAKERB
#error_code ERR_KDC_NOT_FOUND, "IAKERB proxy could not find a KDC"
#error_code ERR_KDC_NO_RESPONSE, "IAKERB proxy never reeived a response from a KDC"
# 82-127 are reserved
index 128
prefix
error_code KRB5_ERR_RCSID, "$Id$"
error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode"
error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password"
error_code KRB5_LIBOS_BADPWDMATCH, "Password mismatch"
error_code KRB5_LIBOS_PWDINTR, "Password read interrupted"
error_code KRB5_PARSE_ILLCHAR, "Invalid character in component name"
error_code KRB5_PARSE_MALFORMED, "Malformed representation of principal"
error_code KRB5_CONFIG_CANTOPEN, "Can't open/find configuration file"
error_code KRB5_CONFIG_BADFORMAT, "Improper format of configuration file"
error_code KRB5_CONFIG_NOTENUFSPACE, "Insufficient space to return complete information"
error_code KRB5_BADMSGTYPE, "Invalid message type specified for encoding"
error_code KRB5_CC_BADNAME, "Credential cache name malformed"
error_code KRB5_CC_UNKNOWN_TYPE, "Unknown credential cache type"
error_code KRB5_CC_NOTFOUND, "Matching credential not found"
error_code KRB5_CC_END, "End of credential cache reached"
error_code KRB5_NO_TKT_SUPPLIED, "Request did not supply a ticket"
error_code KRB5KRB_AP_WRONG_PRINC, "Wrong principal in request"
error_code KRB5KRB_AP_ERR_TKT_INVALID, "Ticket has invalid flag set"
error_code KRB5_PRINC_NOMATCH, "Requested principal and ticket don't match"
error_code KRB5_KDCREP_MODIFIED, "KDC reply did not match expectations"
error_code KRB5_KDCREP_SKEW, "Clock skew too great in KDC reply"
error_code KRB5_IN_TKT_REALM_MISMATCH, "Client/server realm mismatch in initial ticket request"
error_code KRB5_PROG_ETYPE_NOSUPP, "Program lacks support for encryption type"
error_code KRB5_PROG_KEYTYPE_NOSUPP, "Program lacks support for key type"
error_code KRB5_WRONG_ETYPE, "Requested encryption type not used in message"
error_code KRB5_PROG_SUMTYPE_NOSUPP, "Program lacks support for checksum type"
error_code KRB5_REALM_UNKNOWN, "Cannot find KDC for requested realm"
error_code KRB5_SERVICE_UNKNOWN, "Kerberos service unknown"
error_code KRB5_KDC_UNREACH, "Cannot contact any KDC for requested realm"
error_code KRB5_NO_LOCALNAME, "No local name found for principal name"
error_code KRB5_MUTUAL_FAILED, "Mutual authentication failed"
# some of these should be combined/supplanted by system codes
error_code KRB5_RC_TYPE_EXISTS, "Replay cache type is already registered"
error_code KRB5_RC_MALLOC, "No more memory to allocate (in replay cache code)"
error_code KRB5_RC_TYPE_NOTFOUND, "Replay cache type is unknown"
error_code KRB5_RC_UNKNOWN, "Generic unknown RC error"
error_code KRB5_RC_REPLAY, "Message is a replay"
error_code KRB5_RC_IO, "Replay I/O operation failed XXX"
error_code KRB5_RC_NOIO, "Replay cache type does not support non-volatile storage"
error_code KRB5_RC_PARSE, "Replay cache name parse/format error"
error_code KRB5_RC_IO_EOF, "End-of-file on replay cache I/O"
error_code KRB5_RC_IO_MALLOC, "No more memory to allocate (in replay cache I/O code)"
error_code KRB5_RC_IO_PERM, "Permission denied in replay cache code"
error_code KRB5_RC_IO_IO, "I/O error in replay cache i/o code"
error_code KRB5_RC_IO_UNKNOWN, "Generic unknown RC/IO error"
error_code KRB5_RC_IO_SPACE, "Insufficient system space to store replay information"
error_code KRB5_TRANS_CANTOPEN, "Can't open/find realm translation file"
error_code KRB5_TRANS_BADFORMAT, "Improper format of realm translation file"
error_code KRB5_LNAME_CANTOPEN, "Can't open/find lname translation database"
error_code KRB5_LNAME_NOTRANS, "No translation available for requested principal"
error_code KRB5_LNAME_BADFORMAT, "Improper format of translation database entry"
error_code KRB5_CRYPTO_INTERNAL, "Cryptosystem internal error"
error_code KRB5_KT_BADNAME, "Key table name malformed"
error_code KRB5_KT_UNKNOWN_TYPE, "Unknown Key table type"
error_code KRB5_KT_NOTFOUND, "Key table entry not found"
error_code KRB5_KT_END, "End of key table reached"
error_code KRB5_KT_NOWRITE, "Cannot write to specified key table"
error_code KRB5_KT_IOERR, "Error writing to key table"
error_code KRB5_NO_TKT_IN_RLM, "Cannot find ticket for requested realm"
error_code KRB5DES_BAD_KEYPAR, "DES key has bad parity"
error_code KRB5DES_WEAK_KEY, "DES key is a weak key"
error_code KRB5_BAD_ENCTYPE, "Bad encryption type"
error_code KRB5_BAD_KEYSIZE, "Key size is incompatible with encryption type"
error_code KRB5_BAD_MSIZE, "Message size is incompatible with encryption type"
error_code KRB5_CC_TYPE_EXISTS, "Credentials cache type is already registered."
error_code KRB5_KT_TYPE_EXISTS, "Key table type is already registered."
error_code KRB5_CC_IO, "Credentials cache I/O operation failed XXX"
error_code KRB5_FCC_PERM, "Credentials cache file permissions incorrect"
error_code KRB5_FCC_NOFILE, "No credentials cache file found"
error_code KRB5_FCC_INTERNAL, "Internal file credentials cache error"
error_code KRB5_CC_WRITE, "Error writing to credentials cache file"
error_code KRB5_CC_NOMEM, "No more memory to allocate (in credentials cache code)"
error_code KRB5_CC_FORMAT, "Bad format in credentials cache"
error_code KRB5_CC_NOT_KTYPE, "No credentials found with supported encryption types"
# errors for dual tgt library calls
error_code KRB5_INVALID_FLAGS, "Invalid KDC option combination (library internal error)"
error_code KRB5_NO_2ND_TKT, "Request missing second ticket"
error_code KRB5_NOCREDS_SUPPLIED, "No credentials supplied to library routine"
# errors for sendauth (and recvauth)
error_code KRB5_SENDAUTH_BADAUTHVERS, "Bad sendauth version was sent"
error_code KRB5_SENDAUTH_BADAPPLVERS, "Bad application version was sent (via sendauth)"
error_code KRB5_SENDAUTH_BADRESPONSE, "Bad response (during sendauth exchange)"
error_code KRB5_SENDAUTH_REJECTED, "Server rejected authentication (during sendauth exchange)"
# errors for preauthentication
error_code KRB5_PREAUTH_BAD_TYPE, "Unsupported preauthentication type"
error_code KRB5_PREAUTH_NO_KEY, "Required preauthentication key not supplied"
error_code KRB5_PREAUTH_FAILED, "Generic preauthentication failure"
# version number errors
error_code KRB5_RCACHE_BADVNO, "Unsupported replay cache format version number"
error_code KRB5_CCACHE_BADVNO, "Unsupported credentials cache format version number"
error_code KRB5_KEYTAB_BADVNO, "Unsupported key table format version number"
#
#
error_code KRB5_PROG_ATYPE_NOSUPP, "Program lacks support for address type"
error_code KRB5_RC_REQUIRED, "Message replay detection requires rcache parameter"
error_code KRB5_ERR_BAD_HOSTNAME, "Hostname cannot be canonicalized"
error_code KRB5_ERR_HOST_REALM_UNKNOWN, "Cannot determine realm for host"
error_code KRB5_SNAME_UNSUPP_NAMETYPE, "Conversion to service principal undefined for name type"
error_code KRB5KRB_AP_ERR_V4_REPLY, "Initial Ticket response appears to be Version 4"
error_code KRB5_REALM_CANT_RESOLVE, "Cannot resolve KDC for requested realm"
error_code KRB5_TKT_NOT_FORWARDABLE, "Requesting ticket can't get forwardable tickets"
error_code KRB5_FWD_BAD_PRINCIPAL, "Bad principal name while trying to forward credentials"
error_code KRB5_GET_IN_TKT_LOOP, "Looping detected inside krb5_get_in_tkt"
error_code KRB5_CONFIG_NODEFREALM, "Configuration file does not specify default realm"
error_code KRB5_SAM_UNSUPPORTED, "Bad SAM flags in obtain_sam_padata"
error_code KRB5_SAM_INVALID_ETYPE, "Invalid encryption type in SAM challenge"
error_code KRB5_SAM_NO_CHECKSUM, "Missing checksum in SAM challenge"
error_code KRB5_SAM_BAD_CHECKSUM, "Bad checksum in SAM challenge"
index 238
error_code KRB5_OBSOLETE_FN, "Program called an obsolete, deleted function"
index 245
error_code KRB5_ERR_BAD_S2K_PARAMS, "Invalid key generation parameters from KDC"
error_code KRB5_ERR_NO_SERVICE, "Service not available"
error_code KRB5_CC_NOSUPP, "Credential cache function not supported"
error_code KRB5_DELTAT_BADFORMAT, "Invalid format of Kerberos lifetime or clock skew string"
error_code KRB5_PLUGIN_NO_HANDLE, "Supplied data not handled by this plugin"
error_code KRB5_PLUGIN_OP_NOTSUPP, "Plugin does not support the operaton"
end
|