\subsection{error_table krb5}

% $Source$
% $Author: epeisach $

The Kerberos v5 library error code table follows.
Protocol error codes are ERROR_TABLE_BASE_krb5 + the protocol error
code number.  Other error codes start at ERROR_TABLE_BASE_krb5 + 128.

\begin{small}
\begin{tabular}{ll}
{\sc krb5kdc_err_none }&	 No error \\
{\sc krb5kdc_err_name_exp }& Client's entry in database has expired \\
{\sc krb5kdc_err_service_exp }& Server's entry in database has expired \\
{\sc krb5kdc_err_bad_pvno }& Requested protocol version not supported \\	
{\sc krb5kdc_err_c_old_mast_kvno }& \parbox[t]{2in}{Client's key is encrypted in an old master key} \\
{\sc krb5kdc_err_s_old_mast_kvno }& \parbox[t]{2in}{Server's key is encrypted in an old master key} \\
{\sc krb5kdc_err_c_principal_unknown }&  Client not found in Kerberos database \\
{\sc krb5kdc_err_s_principal_unknown }&  Server not found in Kerberos database \\
{\sc krb5kdc_err_principal_not_unique }&\parbox[t]{2in}{\raggedright{Principal has multiple entries in Kerberos database}} \\
{\sc krb5kdc_err_null_key }& Client or server has a null key \\
{\sc krb5kdc_err_cannot_postdate }& Ticket is ineligible for postdating \\
{\sc krb5kdc_err_never_valid }& \parbox[t]{2in}{Requested effective lifetime is negative or too short} \\
{\sc krb5kdc_err_policy }&	 KDC policy rejects request \\
{\sc krb5kdc_err_badoption }& KDC can't fulfill requested option \\
{\sc krb5kdc_err_etype_nosupp }& KDC has no support for encryption type \\
{\sc krb5kdc_err_sumtype_nosupp }& KDC has no support for checksum type \\
{\sc krb5kdc_err_padata_type_nosupp }&  KDC has no support for padata type \\
{\sc krb5kdc_err_trtype_nosupp }& KDC has no support for transited type \\
{\sc krb5kdc_err_client_revoked }& Clients credentials have been revoked \\
{\sc krb5kdc_err_service_revoked }& Credentials for server have been revoked \\
{\sc krb5kdc_err_tgt_revoked }& TGT has been revoked \\
{\sc krb5kdc_err_client_notyet }& Client not yet valid - try again later \\
{\sc krb5kdc_err_service_notyet }& Server not yet valid - try again later \\
{\sc krb5kdc_err_key_exp }&  	 Password has expired \\
{\sc krb5kdc_preauth_failed }&  	 Preauthentication failed \\
{\sc krb5kdc_err_preauth_require }&	Additional pre-authentication required \\
{\sc krb5kdc_err_server_nomatch }&	Requested server and ticket don't match \\
\multicolumn{2}{c}{error codes 27-30 are currently placeholders}\\

\end{tabular}

\begin{tabular}{ll}
{\sc krb5krb_ap_err_bad_integrity }&  Decrypt integrity check failed \\
{\sc krb5krb_ap_err_tkt_expired }& Ticket expired \\
{\sc krb5krb_ap_err_tkt_nyv }& Ticket not yet valid \\
{\sc krb5krb_ap_err_repeat }& Request is a replay \\
{\sc krb5krb_ap_err_not_us }& The ticket isn't for us \\
{\sc krb5krb_ap_err_badmatch }& Ticket/authenticator don't match \\
{\sc krb5krb_ap_err_skew }& Clock skew too great \\
{\sc krb5krb_ap_err_badaddr }& Incorrect net address \\
{\sc krb5krb_ap_err_badversion }& Protocol version mismatch \\
{\sc krb5krb_ap_err_msg_type }& Invalid message type \\
{\sc krb5krb_ap_err_modified }& Message stream modified \\
{\sc krb5krb_ap_err_badorder }& Message out of order \\
{\sc krb5placehold_43 }&	 KRB5 error code 43 \\
{\sc krb5krb_ap_err_badkeyver }& Key version is not available \\
{\sc krb5krb_ap_err_nokey }& Service key not available \\
{\sc krb5krb_ap_err_mut_fail }& Mutual authentication failed \\
{\sc krb5krb_ap_err_baddirection }& Incorrect message direction \\
{\sc krb5krb_ap_err_method }& Alternative authentication method required \\
{\sc krb5krb_ap_err_badseq }& Incorrect sequence number in message \\
{\sc krb5krb_ap_err_inapp_cksum }& Inappropriate type of checksum in message \\ 
\multicolumn{2}{c}{error codes 51-59 are currently placeholders} \\

{\sc krb5krb_err_generic }& Generic error (see e-text) \\
{\sc krb5krb_err_field_toolong }& Field is too long for this implementation \\
\multicolumn{2}{c}{error codes 62-127 are currently placeholders} \\
\end{tabular}

\begin{tabular}{ll}
{\sc krb5_libos_badlockflag }& Invalid flag for file lock mode \\
{\sc krb5_libos_cantreadpwd }& Cannot read password \\
{\sc krb5_libos_badpwdmatch }& Password mismatch \\
{\sc krb5_libos_pwdintr }&	 Password read interrupted \\
{\sc krb5_parse_illchar }&	 Illegal character in component name \\
{\sc krb5_parse_malformed }& Malformed representation of principal \\
{\sc krb5_config_cantopen }& Can't open/find configuration file \\
{\sc krb5_config_badformat }& Improper format of configuration file \\
{\sc krb5_config_notenufspace }& Insufficient space to return complete information \\
{\sc krb5_badmsgtype }&	 Invalid message type specified for encoding \\
{\sc krb5_cc_badname }&	 Credential cache name malformed \\
{\sc krb5_cc_unknown_type }& Unknown credential cache type  \\
{\sc krb5_cc_notfound }&	 Matching credential not found \\
{\sc krb5_cc_end }&		 End of credential cache reached \\
{\sc krb5_no_tkt_supplied }& Request did not supply a ticket \\
{\sc krb5krb_ap_wrong_princ }&	 Wrong principal in request \\
{\sc krb5krb_ap_err_tkt_invalid }& Ticket has invalid flag set \\
{\sc krb5_princ_nomatch }&	 Requested principal and ticket don't match \\
{\sc krb5_kdcrep_modified }& KDC reply did not match expectations \\
{\sc krb5_kdcrep_skew }&	Clock skew too great in KDC reply \\
{\sc krb5_in_tkt_realm_mismatch }&\parbox[t]{2.5 in}{Client/server realm
mismatch in initial ticket requst}\\

{\sc krb5_prog_etype_nosupp }& Program lacks support for encryption type \\
{\sc krb5_prog_keytype_nosupp }& Program lacks support for key type \\
{\sc krb5_wrong_etype }&	 Requested encryption type not used in message \\
{\sc krb5_prog_sumtype_nosupp }& Program lacks support for checksum type \\
{\sc krb5_realm_unknown }&	 Cannot find KDC for requested realm \\
{\sc krb5_service_unknown }&	Kerberos service unknown \\
{\sc krb5_kdc_unreach }&	 Cannot contact any KDC for requested realm \\
{\sc krb5_no_localname }&	 No local name found for principal name \\

%\multicolumn{1}{c}{some of these should be combined/supplanted by system codes} \\
\end{tabular}

\begin{tabular}{ll}
{\sc krb5_rc_type_exists }&	 Replay cache type is already registered \\
{\sc krb5_rc_malloc }&	 No more memory to allocate (in replay cache code) \\
{\sc krb5_rc_type_notfound }& Replay cache type is unknown \\
{\sc krb5_rc_unknown }&	 Generic unknown RC error \\
{\sc krb5_rc_replay }&	 Message is a replay \\
{\sc krb5_rc_io }&		 Replay I/O operation failed XXX \\
{\sc krb5_rc_noio }&	 \parbox[t]{3in}{Replay cache type does not support non-volatile storage} \\
{\sc krb5_rc_parse }& Replay cache name parse/format error \\
{\sc krb5_rc_io_eof }&	 End-of-file on replay cache I/O \\
{\sc krb5_rc_io_malloc }& \parbox[t]{3in}{No more memory to allocate (in replay cache I/O code)}\\
{\sc krb5_rc_io_perm }&	 Permission denied in replay cache code \\
{\sc krb5_rc_io_io }&	 I/O error in replay cache i/o code \\
{\sc krb5_rc_io_unknown }&	 Generic unknown RC/IO error \\
{\sc krb5_rc_io_space }& Insufficient system space to store replay information \\
{\sc krb5_trans_cantopen }&	 Can't open/find realm translation file \\
{\sc krb5_trans_badformat }& Improper format of realm translation file \\
{\sc krb5_lname_cantopen }&	 Can't open/find lname translation database \\
{\sc krb5_lname_notrans }&	 No translation available for requested principal \\
{\sc krb5_lname_badformat }& Improper format of translation database entry \\
{\sc krb5_crypto_internal }& Cryptosystem internal error \\
{\sc krb5_kt_badname }&	 Key table name malformed \\
{\sc krb5_kt_unknown_type }& Unknown Key table type  \\
{\sc krb5_kt_notfound }&	 Key table entry not found \\
{\sc krb5_kt_end }&		 End of key table reached \\
{\sc krb5_kt_nowrite }&	 Cannot write to specified key table \\
{\sc krb5_kt_ioerr }&	 Error writing to key table \\
{\sc krb5_no_tkt_in_rlm }&	 Cannot find ticket for requested realm \\
{\sc krb5des_bad_keypar }&	 DES key has bad parity \\
{\sc krb5des_weak_key }&	 DES key is a weak key \\
{\sc krb5_bad_keytype }&	 Keytype is incompatible with encryption type \\
{\sc krb5_bad_keysize }&	 Key size is incompatible with encryption type \\
{\sc krb5_bad_msize }&	 Message size is incompatible with encryption type \\
{\sc krb5_cc_type_exists }&	 Credentials cache type is already registered. \\
{\sc krb5_kt_type_exists }&	 Key table type is already registered. \\
{\sc krb5_cc_io }&		 Credentials cache I/O operation failed XXX \\
{\sc krb5_fcc_perm }&	 Credentials cache file permissions incorrect \\
{\sc krb5_fcc_nofile }&	 No credentials cache file found \\
{\sc krb5_fcc_internal }&	 Internal file credentials cache error \\
{\sc krb5_cc_nomem }& \parbox[t]{3in}{No more memory to allocate (in credentials cache code)}\\ 
\end{tabular}

\begin{tabular}{ll}
\multicolumn{2}{c}{errors for dual TGT library calls} \\

{\sc krb5_invalid_flags }& Invalid KDC option combination (library internal error) \\
{\sc krb5_no_2nd_tkt }&	 Request missing second ticket \\
{\sc krb5_nocreds_supplied }& No credentials supplied to library routine \\

\end{tabular}

\begin{tabular}{ll}
\multicolumn{2}{c}{errors for sendauth and recvauth} \\

{\sc krb5_sendauth_badauthvers }& Bad sendauth version was sent \\
{\sc krb5_sendauth_badapplvers }& Bad application version was sent (via sendauth) \\
{\sc krb5_sendauth_badresponse }& Bad response (during sendauth exchange) \\
{\sc krb5_sendauth_rejected }& Server rejected authentication\\
& \ (during sendauth exchange) \\
{\sc krb5_sendauth_mutual_failed }& Mutual authentication failed\\&\ (during sendauth exchange) \\

\end{tabular}

\begin{tabular}{ll}
\multicolumn{2}{c}{errors for preauthentication} \\

{\sc krb5_preauth_bad_type }& Unsupported preauthentication type \\
{\sc krb5_preauth_no_key }&	 Required preauthentication key not supplied \\
{\sc krb5_preauth_failed }&	 Generic preauthentication failure \\

\end{tabular}

\begin{tabular}{ll}
\multicolumn{2}{c}{version number errors} \\

{\sc krb5_rcache_badvno }& Unsupported replay cache format version number \\
{\sc krb5_ccache_badvno }& Unsupported credentials cache format version number \\
{\sc krb5_keytab_badvno }& Unsupported key table format version number \\

\end{tabular}

\begin{tabular}{ll}
\multicolumn{2}{c}{other errors} \\ 

{\sc krb5_prog_atype_nosupp }& Program lacks support for address type \\
{\sc krb5_rc_required }& Message replay detection requires\\&\  rcache parameter \\
{\sc krb5_err_bad_hostname }& Hostname cannot be canonicalized \\
{\sc krb5_err_host_realm_unknown }& Cannot determine realm for host \\
{\sc krb5_sname_unsupp_nametype }& Conversion to service principal undefined\\&\ for name type \\
{\sc krb5krb_ap_err_v4_reply }& Initial Ticket Response appears to be\\
&\ Version 4 error \\
{\sc krb5_realm_cant_resolve }& Cannot resolve KDC for requested realm \\
{\sc krb5_tkt_not_forwardable }& Requesting ticket can't get forwardable tickets \\
\end{tabular}
\end{small}

\subsection{error_table kdb5}

% $Source$
% $Author: epeisach $

The Kerberos v5 database library error code table

\begin{small}
\begin{tabular}{ll}
\multicolumn{2}{c}{From the server side routines} \\
{\sc krb5_kdb_inuse }&	Entry already exists in database\\
{\sc krb5_kdb_uk_serror }&	Database store error\\
{\sc krb5_kdb_uk_rerror }&	Database read error\\
{\sc krb5_kdb_unauth }&	Insufficient access to perform requested operation\\
{\sc krb5_kdb_noentry }&	No such entry in the database\\
{\sc krb5_kdb_ill_wildcard }& Illegal use of wildcard\\
{\sc krb5_kdb_db_inuse }&	Database is locked or in use--try again later\\
{\sc krb5_kdb_db_changed }&	Database was modified during read\\
{\sc krb5_kdb_truncated_record }&	Database record is incomplete or corrupted\\
{\sc krb5_kdb_recursivelock }&	Attempt to lock database twice\\
{\sc krb5_kdb_notlocked }&		Attempt to unlock database when not locked\\
{\sc krb5_kdb_badlockmode }&	Invalid kdb lock mode\\
{\sc krb5_kdb_dbnotinited }&	Database has not been initialized\\
{\sc krb5_kdb_dbinited }&		Database has already been initialized\\
{\sc krb5_kdb_illdirection }&	Bad direction for converting keys\\
{\sc krb5_kdb_nomasterkey }&	Cannot find master key record in database\\
{\sc krb5_kdb_badmasterkey }&	Master key does not match database\\
{\sc krb5_kdb_invalidkeysize }&	Key size in database is invalid\\
{\sc krb5_kdb_cantread_stored }&	Cannot find/read stored master key\\
{\sc krb5_kdb_badstored_mkey }&	Stored master key is corrupted\\
{\sc krb5_kdb_cantlock_db }&	Insufficient access to lock database \\
{\sc krb5_kdb_db_corrupt }&		Database format error\\
{\sc krb5_kdb_bad_version }&	Unsupported version in database entry \\
\end{tabular}
\end{small}

% $Source$
% $Author: epeisach $

\subsection{error_table kv5m}

The Kerberos v5 magic numbers errorcode table follows. These are used
for the magic numbers found in data structures.

\begin{small}
\begin{tabular}{ll} 
{\sc kv5m_none }&		Kerberos V5 magic number table \\
{\sc kv5m_principal }&	Bad magic number for krb5_principal structure \\
{\sc kv5m_data }&		Bad magic number for krb5_data structure \\
{\sc kv5m_keyblock }&	Bad magic number for krb5_keyblock structure \\
{\sc kv5m_checksum }&	Bad magic number for krb5_checksum structure \\
{\sc kv5m_encrypt_block }&	Bad magic number for krb5_encrypt_block structure \\
{\sc kv5m_enc_data }&	Bad magic number for krb5_enc_data structure \\
{\sc kv5m_cryptosystem_entry }&	Bad magic number for krb5_cryptosystem_entry\\&\ structure \\
{\sc kv5m_cs_table_entry }&	Bad magic number for krb5_cs_table_entry structure \\
{\sc kv5m_checksum_entry }&	Bad magic number for krb5_checksum_entry structure \\

{\sc kv5m_authdata }&	Bad magic number for krb5_authdata structure \\
{\sc kv5m_transited }&	Bad magic number for krb5_transited structure \\
{\sc kv5m_enc_tkt_parT }&	Bad magic number for krb5_enc_tkt_part structure \\
{\sc kv5m_ticket }&		Bad magic number for krb5_ticket structure \\
{\sc kv5m_authenticator }&	Bad magic number for krb5_authenticator structure \\
{\sc kv5m_tkt_authent }&	Bad magic number for krb5_tkt_authent structure \\
{\sc kv5m_creds }&		Bad magic number for krb5_creds structure \\
{\sc kv5m_last_req_entry }&	Bad magic number for krb5_last_req_entry structure \\
{\sc kv5m_pa_data }&		Bad magic number for krb5_pa_data structure \\
{\sc kv5m_kdc_req }&		Bad magic number for krb5_kdc_req structure \\
{\sc kv5m_enc_kdc_rep_part }& Bad magic number for krb5_enc_kdc_rep_part structure \\
{\sc kv5m_kdc_rep }&		Bad magic number for krb5_kdc_rep structure \\
{\sc kv5m_error }&		Bad magic number for krb5_error structure \\
{\sc kv5m_ap_req }&		Bad magic number for krb5_ap_req structure \\
{\sc kv5m_ap_rep }&		Bad magic number for krb5_ap_rep structure \\
{\sc kv5m_ap_rep_enc_part }&	Bad magic number for krb5_ap_rep_enc_part structure \\
{\sc kv5m_response }&	Bad magic number for krb5_response structure \\
{\sc kv5m_safe }&		Bad magic number for krb5_safe structure \\
{\sc kv5m_priv }&		Bad magic number for krb5_priv structure \\
{\sc kv5m_priv_enc_part }&	Bad magic number for krb5_priv_enc_part structure \\
{\sc kv5m_cred }&		Bad magic number for krb5_cred structure \\
{\sc kv5m_cred_info }&	Bad magic number for krb5_cred_info structure \\
{\sc kv5m_cred_enc_part }&	Bad magic number for krb5_cred_enc_part structure \\
{\sc kv5m_pwd_data }&	Bad magic number for krb5_pwd_data structure \\
{\sc kv5m_address }&	Bad magic number for krb5_address structure \\
{\sc kv5m_keytab_entry }&	Bad magic number for krb5_keytab_entry structure \\
{\sc kv5m_context }&	Bad magic number for krb5_context structure \\
{\sc kv5m_os_context }&	Bad magic number for krb5_os_context structure \\

\end{tabular}
\end{small}

\subsection{error_table asn1}

The Kerberos v5/ASN.1 error table mappings

\begin{small}
\begin{tabular}{ll}
{\sc asn1_bad_timeformat }&	ASN.1 failed call to system time library \\
{\sc asn1_missing_field }&	ASN.1 structure is missing a required field \\
{\sc asn1_misplaced_field }&	ASN.1 unexpected field number \\
{\sc asn1_type_mismatch }&	ASN.1 type numbers are inconsistent \\
{\sc asn1_overflow }&	ASN.1 value too large \\
{\sc asn1_overrun }&	ASN.1 encoding ended unexpectedly \\
{\sc asn1_bad_id }&	ASN.1 identifier doesn't match expected value \\
{\sc asn1_bad_length }&	ASN.1 length doesn't match expected value \\
{\sc asn1_bad_format }&	ASN.1 badly-formatted encoding \\
{\sc asn1_parse_error }&	ASN.1 parse error \\
\end{tabular}
\end{small}