Sun Microsystems, Inc.
spacerspacer
spacer www.sun.com docs.sun.com |
spacer
black dot
 
 
  Previous   Contents   Next 
   
 
Appendix E

Kerberos v5 Status Codes

This chapter lists and describes the Kerberos v5 status codes.

Table of Kerberos v5 Status Codes

Each GSS-API function returns two status codes: a major status code and a minor status code. Major status codes relate to the behavior of the GSS-API itself. For example, if an application attempts to transmit a message after a security context has expired, the GSS-API returns a major status code of GSS_S_CONTEXT_EXPIRED. Major status codes are listed in "GSS-API Status Codes".

Minor status codes are returned by the underlying security mechanisms supported by a given implementation of the GSS-API. At present, the only such mechanism supported by Sun's implementation of the GSS-API is Kerberos v5. (Sun's implementation of the Kerberos v5 is known as SEAM, the Sun Enterprise Authentication Mechanism; for our purposes, you can think of them as the same thing.) Every GSS-API function takes as its first argument a minor_status (or minor_stat) parameter; an application can examine this parameter when the function returns, successfully or not, to see what the status the underlying mechanism reports.

The following table lists the status messages that might be returned by Kerberos v5 in the minor_status argument.

For more on GSS-API status codes, see "Status Codes".

Table E-1 Kerberos v5 Status Codes 1

Minor Status

Value

Meaning

KRB5KDC_ERR_NONE

-1765328384L

No error

KRB5KDC_ERR_NAME_EXP

-1765328383L

Client's entry in database has expired

KRB5KDC_ERR_SERVICE_EXP

-1765328382L

Server's entry in database has expired

KRB5KDC_ERR_BAD_PVNO

-1765328381L

Requested protocol version not supported

KRB5KDC_ERR_C_OLD_MAST_KVNO

-1765328380L

Client's key is encrypted in an old master key

KRB5KDC_ERR_S_OLD_MAST_KVNO

-1765328379L

Server's key is encrypted in an old master key

KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN

-1765328378L

Client not found in Kerberos database

KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN

-1765328377L

Server not found in Kerberos database

KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE

-1765328376L

Principal has multiple entries in Kerberos database

KRB5KDC_ERR_NULL_KEY

-1765328375L

Client or server has a null key

KRB5KDC_ERR_CANNOT_POSTDATE

-1765328374L

Ticket is ineligible for postdating

KRB5KDC_ERR_NEVER_VALID

-1765328373L

Requested effective lifetime is negative or too short

KRB5KDC_ERR_POLICY

-1765328372L

KDC policy rejects request

KRB5KDC_ERR_BADOPTION

-1765328371L

KDC can't fulfill requested option

KRB5KDC_ERR_ETYPE_NOSUPP

-1765328370L

KDC has no support for encryption type

KRB5KDC_ERR_SUMTYPE_NOSUPP

-1765328369L

KDC has no support for checksum type

KRB5KDC_ERR_PADATA_TYPE_NOSUPP

-1765328368L

KDC has no support for padata type

KRB5KDC_ERR_TRTYPE_NOSUPP

-1765328367L

KDC has no support for transited type

KRB5KDC_ERR_CLIENT_REVOKED

-1765328366L

Client's credentials have been revoked

KRB5KDC_ERR_SERVICE_REVOKED

-1765328365L

Credentials for server have been revoked

Table E-2 Kerberos v5 Status Codes 2

Minor Status

Value

Meaning

KRB5KDC_ERR_TGT_REVOKED

-1765328364L

TGT has been revoked

KRB5KDC_ERR_CLIENT_NOTYET

-1765328363L

Client not yet valid -- try again later

KRB5KDC_ERR_SERVICE_NOTYET

-1765328362L

Server not yet valid -- try again later

KRB5KDC_ERR_KEY_EXP

-1765328361L

Password has expired

KRB5KDC_ERR_PREAUTH_FAILED

-1765328360L

Preauthentication failed

KRB5KDC_ERR_PREAUTH_REQUIRED

-1765328359L

Additional pre-authentication required

KRB5KDC_ERR_SERVER_NOMATCH

-1765328358L

Requested server and ticket don't match

KRB5PLACEHOLD_27 through KRB5PLACEHOLD_30

-1765328357L through -1765328354L

KRB5 error codes 27 through 30 (reserved)

KRB5KRB_AP_ERR_BAD_INTEGRITY

-1765328353L

Decrypt integrity check failed

KRB5KRB_AP_ERR_TKT_EXPIRED

-1765328352L

Ticket expired

KRB5KRB_AP_ERR_TKT_NYV

-1765328351L

Ticket not yet valid

KRB5KRB_AP_ERR_REPEAT

-1765328350L

Request is a replay

KRB5KRB_AP_ERR_NOT_US

-1765328349L

The ticket isn't for us

KRB5KRB_AP_ERR_BADMATCH

-1765328348L

Ticket/authenticator don't match

KRB5KRB_AP_ERR_SKEW

-1765328347L

Clock skew too great

KRB5KRB_AP_ERR_BADADDR

-1765328346L

Incorrect net address

KRB5KRB_AP_ERR_BADVERSION

-1765328345L

Protocol version mismatch

KRB5KRB_AP_ERR_MSG_TYPE

-1765328344L

Invalid message type

KRB5KRB_AP_ERR_MODIFIED

-1765328343L

Message stream modified

KRB5KRB_AP_ERR_BADORDER

-1765328342L

Message out of order

KRB5KRB_AP_ERR_ILL_CR_TKT

-1765328341L

Illegal cross-realm ticket

KRB5KRB_AP_ERR_BADKEYVER

-1765328340L

Key version is not available

Table E-3 Kerberos v5 Status Codes 3

Minor Status

Value

Meaning

KRB5KRB_AP_ERR_NOKEY

-1765328339L

Service key not available

KRB5KRB_AP_ERR_MUT_FAIL

-1765328338L

Mutual authentication failed

KRB5KRB_AP_ERR_BADDIRECTION

-1765328337L

Incorrect message direction

KRB5KRB_AP_ERR_METHOD

-1765328336L

Alternative authentication method required

KRB5KRB_AP_ERR_BADSEQ

-1765328335L

Incorrect sequence number in message

KRB5KRB_AP_ERR_INAPP_CKSUM

-1765328334L

Inappropriate type of checksum in message

KRB5PLACEHOLD_51 through KRB5PLACEHOLD_59

-1765328333L through -1765328325L

KRB5 error codes 51 through 59 (reserved)

KRB5KRB_ERR_GENERIC

-1765328324L

Generic error

KRB5KRB_ERR_FIELD_TOOLONG

-1765328323L

Field is too long for this implementation

KRB5PLACEHOLD_62 through KRB5PLACEHOLD_127

-1765328322L through -1765328257L

KRB5 error codes 62 through 127 (reserved)

(value not returned)

-1765328256L

For internal use only

KRB5_LIBOS_BADLOCKFLAG

-1765328255L

Invalid flag for file lock mode

KRB5_LIBOS_CANTREADPWD

-1765328254L

Cannot read password

KRB5_LIBOS_BADPWDMATCH

-1765328253L

Password mismatch

KRB5_LIBOS_PWDINTR

-1765328252L

Password read interrupted

KRB5_PARSE_ILLCHAR

-1765328251L

Illegal character in component name

KRB5_PARSE_MALFORMED

-1765328250L

Malformed representation of principal

KRB5_CONFIG_CANTOPEN

-1765328249L

Can't open/find Kerberos /etc/krb5/krb5 configuration file

KRB5_CONFIG_BADFORMAT

-1765328248L

Improper format of Kerberos /etc/krb5/krb5 configuration file

KRB5_CONFIG_NOTENUFSPACE

-1765328247L

Insufficient space to return complete information

KRB5_BADMSGTYPE

-1765328246L

Invalid message type specified for encoding

KRB5_CC_BADNAME

-1765328245L

Credential cache name malformed

Table E-4 Kerberos v5 Status Codes 4

Minor Status

Value

Meaning

KRB5_CC_UNKNOWN_TYPE

-1765328244L

Unknown credential cache type

KRB5_CC_NOTFOUND

-1765328243L

Matching credential not found

KRB5_CC_END

-1765328242L

End of credential cache reached

KRB5_NO_TKT_SUPPLIED

-1765328241L

Request did not supply a ticket

KRB5KRB_AP_WRONG_PRINC

-1765328240L

Wrong principal in request

KRB5KRB_AP_ERR_TKT_INVALID

-1765328239L

Ticket has invalid flag set

KRB5_PRINC_NOMATCH

-1765328238L

Requested principal and ticket don't match

KRB5_KDCREP_MODIFIED

-1765328237L

KDC reply did not match expectations

KRB5_KDCREP_SKEW

-1765328236L

Clock skew too great in KDC reply

KRB5_IN_TKT_REALM_MISMATCH

-1765328235L

Client/server realm mismatch in initial ticket request

KRB5_PROG_ETYPE_NOSUPP

-1765328234L

Program lacks support for encryption type

KRB5_PROG_KEYTYPE_NOSUPP

-1765328233L

Program lacks support for key type

KRB5_WRONG_ETYPE

-1765328232L

Requested encryption type not used in message

KRB5_PROG_SUMTYPE_NOSUPP

-1765328231L

Program lacks support for checksum type

KRB5_REALM_UNKNOWN

-1765328230L

Cannot find KDC for requested realm

KRB5_SERVICE_UNKNOWN

-1765328229L

Kerberos service unknown

KRB5_KDC_UNREACH

-1765328228L

Cannot contact any KDC for requested realm

KRB5_NO_LOCALNAME

-1765328227L

No local name found for principal name

KRB5_MUTUAL_FAILED

-1765328226L

Mutual authentication failed

KRB5_RC_TYPE_EXISTS

-1765328225L

Replay cache type is already registered

KRB5_RC_MALLOC

-1765328224L

No more memory to allocate (in replay cache code)

KRB5_RC_TYPE_NOTFOUND

-1765328223L

Replay cache type is unknown

Table E-5 Kerberos v5 Status Codes 5

Minor Status

Value

Meaning

KRB5_RC_UNKNOWN

-1765328222L

Generic unknown RC error

KRB5_RC_REPLAY

-1765328221L

Message is a replay

KRB5_RC_IO

-1765328220L

Replay I/O operation failed

KRB5_RC_NOIO

-1765328219L

Replay cache type does not support non-volatile storage

KRB5_RC_PARSE

-1765328218L

Replay cache name parse/format error

KRB5_RC_IO_EOF

-1765328217L

End-of-file on replay cache I/O

KRB5_RC_IO_MALLOC

-1765328216L

No more memory to allocate (in replay cache I/O code)

KRB5_RC_IO_PERM

-1765328215L

Permission denied in replay cache code

KRB5_RC_IO_IO

-1765328214L

I/O error in replay cache i/o code

KRB5_RC_IO_UNKNOWN

-1765328213L

Generic unknown RC/IO error

KRB5_RC_IO_SPACE

-1765328212L

Insufficient system space to store replay information

KRB5_TRANS_CANTOPEN

-1765328211L

Can't open/find realm translation file

KRB5_TRANS_BADFORMAT

-1765328210L

Improper format of realm translation file

KRB5_LNAME_CANTOPEN

-1765328209L

Can't open/find lname translation database

KRB5_LNAME_NOTRANS

-1765328208L

No translation available for requested principal

KRB5_LNAME_BADFORMAT

-1765328207L

Improper format of translation database entry

KRB5_CRYPTO_INTERNAL

-1765328206L

Cryptosystem internal error

KRB5_KT_BADNAME

-1765328205L

Key table name malformed

KRB5_KT_UNKNOWN_TYPE

-1765328204L

Unknown Key table type

KRB5_KT_NOTFOUND

-1765328203L

Key table entry not found

KRB5_KT_END

-1765328202L

End of key table reached

KRB5_KT_NOWRITE

-1765328201L

Cannot write to specified key table

 
 
 
  Previous   Contents   Next