Kerberos V5 Library Error Codes
This is the Kerberos v5 library error code table.  Protocol error codes
are 
 ERROR_TABLE_BASE_krb5 + the protocol error code number; other
error codes start at ERROR_TABLE_BASE_krb5 + 128.
     
- KRB5KDC_ERR_NONE:  No error
- KRB5KDC_ERR_NAME_EXP:  Client's entry in database has expired
- KRB5KDC_ERR_SERVICE_EXP:  Server's entry in database has expired
- KRB5KDC_ERR_BAD_PVNO:  Requested protocol version not supported
- KRB5KDC_ERR_C_OLD_MAST_KVNO:  Client's key is encrypted in an old master
key
- KRB5KDC_ERR_S_OLD_MAST_KVNO:  Server's key is encrypted in an old master
key
- KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:  Client not found in Kerberos database
- KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN:  Server not found in Kerberos database
- KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE:  Principal has multiple entries in
Kerberos database
- KRB5KDC_ERR_NULL_KEY:  Client or server has a null key
- KRB5KDC_ERR_CANNOT_POSTDATE:  Ticket is ineligible for postdating
- KRB5KDC_ERR_NEVER_VALID:  Requested effective lifetime is negative or
too short
- KRB5KDC_ERR_POLICY:  KDC policy rejects request
- KRB5KDC_ERR_BADOPTION:  KDC can't fulfill requested option
- KRB5KDC_ERR_ETYPE_NOSUPP:  KDC has no support for encryption type
- KRB5KDC_ERR_SUMTYPE_NOSUPP:  KDC has no support for checksum type
- KRB5KDC_ERR_PADATA_TYPE_NOSUPP:  KDC has no support for padata type
- KRB5KDC_ERR_TRTYPE_NOSUPP:  KDC has no support for transited type
- KRB5KDC_ERR_CLIENT_REVOKED:  Clients credentials have been revoked
- KRB5KDC_ERR_SERVICE_REVOKED:  Credentials for server have been revoked
- KRB5KDC_ERR_TGT_REVOKED:  TGT has been revoked
- KRB5KDC_ERR_CLIENT_NOTYET:  Client not yet valid - try again later
- KRB5KDC_ERR_SERVICE_NOTYET:  Server not yet valid - try again later
- KRB5KDC_ERR_KEY_EXP:  Password has expired
- KRB5KDC_ERR_PREAUTH_FAILED:  Preauthentication failed
- KRB5KDC_ERR_PREAUTH_REQUIRED:  Additional pre-authentication required
- KRB5KDC_ERR_SERVER_NOMATCH:  Requested server and ticket don't match
- KRB5PLACEHOLD_27:  KRB5 error code 27
- KRB5PLACEHOLD_28:  KRB5 error code 28
- KRB5PLACEHOLD_29:  KRB5 error code 29
- KRB5PLACEHOLD_30:  KRB5 error code 30
- KRB5KRB_AP_ERR_BAD_INTEGRITY:  Decrypt integrity check failed
- KRB5KRB_AP_ERR_TKT_EXPIRED:  Ticket expired
- KRB5KRB_AP_ERR_TKT_NYV:  Ticket not yet valid
- KRB5KRB_AP_ERR_REPEAT:  Request is a replay
- KRB5KRB_AP_ERR_NOT_US:  The ticket isn't for us
- KRB5KRB_AP_ERR_BADMATCH:  Ticket/authenticator don't match
- KRB5KRB_AP_ERR_SKEW:  Clock skew too great
- KRB5KRB_AP_ERR_BADADDR:  Incorrect net address
- KRB5KRB_AP_ERR_BADVERSION:  Protocol version mismatch
- KRB5KRB_AP_ERR_MSG_TYPE:  Invalid message type
- KRB5KRB_AP_ERR_MODIFIED:  Message stream modified
- KRB5KRB_AP_ERR_BADORDER:  Message out of order
- KRB5KRB_AP_ERR_ILL_CR_TKT:  Illegal cross-realm ticket
- KRB5KRB_AP_ERR_BADKEYVER:  Key version is not available
- KRB5KRB_AP_ERR_NOKEY:  Service key not available
- KRB5KRB_AP_ERR_MUT_FAIL:  Mutual authentication failed
- KRB5KRB_AP_ERR_BADDIRECTION:  Incorrect message direction
- KRB5KRB_AP_ERR_METHOD:  Alternative authentication method required
- KRB5KRB_AP_ERR_BADSEQ:  Incorrect sequence number in message
- KRB5KRB_AP_ERR_INAPP_CKSUM:  Inappropriate type of checksum in message
- KRB5KRB_AP_PATH_NOT_ACCEPTED: Policy rejects transited path
- KRB5KRB_ERR_RESPONSE_TOO_BIG: Response too big for UDP, retry with TCP
- KRB5PLACEHOLD_53:  KRB5 error code 53
- KRB5PLACEHOLD_54:  KRB5 error code 54
- KRB5PLACEHOLD_55:  KRB5 error code 55
- KRB5PLACEHOLD_56:  KRB5 error code 56
- KRB5PLACEHOLD_57:  KRB5 error code 57
- KRB5PLACEHOLD_58:  KRB5 error code 58
- KRB5PLACEHOLD_59:  KRB5 error code 59
- KRB5KRB_ERR_GENERIC:  Generic error (see e-text)
- KRB5KRB_ERR_FIELD_TOOLONG:  Field is too long for this implementation
- KRB5PLACEHOLD_62:  KRB5 error code 62
- KRB5PLACEHOLD_63:  KRB5 error code 63
- KRB5PLACEHOLD_64:  KRB5 error code 64
- KRB5PLACEHOLD_65:  KRB5 error code 65
- KRB5PLACEHOLD_66:  KRB5 error code 66
- KRB5PLACEHOLD_67:  KRB5 error code 67
- KRB5PLACEHOLD_68:  KRB5 error code 68
- KRB5PLACEHOLD_69:  KRB5 error code 69
- KRB5PLACEHOLD_70:  KRB5 error code 70
- KRB5PLACEHOLD_71:  KRB5 error code 71
- KRB5PLACEHOLD_72:  KRB5 error code 72
- KRB5PLACEHOLD_73:  KRB5 error code 73
- KRB5PLACEHOLD_74:  KRB5 error code 74
- KRB5PLACEHOLD_75:  KRB5 error code 75
- KRB5PLACEHOLD_76:  KRB5 error code 76
- KRB5PLACEHOLD_77:  KRB5 error code 77
- KRB5PLACEHOLD_78:  KRB5 error code 78
- KRB5PLACEHOLD_79:  KRB5 error code 79
- KRB5PLACEHOLD_80:  KRB5 error code 80
- KRB5PLACEHOLD_81:  KRB5 error code 81
- KRB5PLACEHOLD_82:  KRB5 error code 82
- KRB5PLACEHOLD_83:  KRB5 error code 83
- KRB5PLACEHOLD_84:  KRB5 error code 84
- KRB5PLACEHOLD_85:  KRB5 error code 85
- KRB5PLACEHOLD_86:  KRB5 error code 86
- KRB5PLACEHOLD_87:  KRB5 error code 87
- KRB5PLACEHOLD_88:  KRB5 error code 88
- KRB5PLACEHOLD_89:  KRB5 error code 89
- KRB5PLACEHOLD_90:  KRB5 error code 90
- KRB5PLACEHOLD_91:  KRB5 error code 91
- KRB5PLACEHOLD_92:  KRB5 error code 92
- KRB5PLACEHOLD_93:  KRB5 error code 93
- KRB5PLACEHOLD_94:  KRB5 error code 94
- KRB5PLACEHOLD_95:  KRB5 error code 95
- KRB5PLACEHOLD_96:  KRB5 error code 96
- KRB5PLACEHOLD_97:  KRB5 error code 97
- KRB5PLACEHOLD_98:  KRB5 error code 98
- KRB5PLACEHOLD_99:  KRB5 error code 99
- KRB5PLACEHOLD_100:  KRB5 error code 100
- KRB5PLACEHOLD_101:  KRB5 error code 101
- KRB5PLACEHOLD_102:  KRB5 error code 102
- KRB5PLACEHOLD_103:  KRB5 error code 103
- KRB5PLACEHOLD_104:  KRB5 error code 104
- KRB5PLACEHOLD_105:  KRB5 error code 105
- KRB5PLACEHOLD_106:  KRB5 error code 106
- KRB5PLACEHOLD_107:  KRB5 error code 107
- KRB5PLACEHOLD_108:  KRB5 error code 108
- KRB5PLACEHOLD_109:  KRB5 error code 109
- KRB5PLACEHOLD_110:  KRB5 error code 110
- KRB5PLACEHOLD_111:  KRB5 error code 111
- KRB5PLACEHOLD_112:  KRB5 error code 112
- KRB5PLACEHOLD_113:  KRB5 error code 113
- KRB5PLACEHOLD_114:  KRB5 error code 114
- KRB5PLACEHOLD_115:  KRB5 error code 115
- KRB5PLACEHOLD_116:  KRB5 error code 116
- KRB5PLACEHOLD_117:  KRB5 error code 117
- KRB5PLACEHOLD_118:  KRB5 error code 118
- KRB5PLACEHOLD_119:  KRB5 error code 119
- KRB5PLACEHOLD_120:  KRB5 error code 120
- KRB5PLACEHOLD_121:  KRB5 error code 121
- KRB5PLACEHOLD_122:  KRB5 error code 122
- KRB5PLACEHOLD_123:  KRB5 error code 123
- KRB5PLACEHOLD_124:  KRB5 error code 124
- KRB5PLACEHOLD_125:  KRB5 error code 125
- KRB5PLACEHOLD_126:  KRB5 error code 126
- KRB5PLACEHOLD_127:  KRB5 error code 127
- KRB5_ERR_RCSID:  (RCS Id string for the krb5 error table)
- KRB5_LIBOS_BADLOCKFLAG:  Invalid flag for file lock mode
- KRB5_LIBOS_CANTREADPWD:  Cannot read password
- KRB5_LIBOS_BADPWDMATCH:  Password mismatch
- KRB5_LIBOS_PWDINTR:  Password read interrupted
- KRB5_PARSE_ILLCHAR:  Illegal character in component name
- KRB5_PARSE_MALFORMED:  Malformed representation of principal
- KRB5_CONFIG_CANTOPEN:  Can't open/find Kerberos configuration file
- KRB5_CONFIG_BADFORMAT:  Improper format of Kerberos configuration file
- KRB5_CONFIG_NOTENUFSPACE:  Insufficient space to return complete
information
- KRB5_BADMSGTYPE:  Invalid message type specified for encoding
- KRB5_CC_BADNAME:  Credential cache name malformed
- KRB5_CC_UNKNOWN_TYPE:  Unknown credential cache type
- KRB5_CC_NOTFOUND:  Matching credential not found
- KRB5_CC_END:  End of credential cache reached
- KRB5_NO_TKT_SUPPLIED:  Request did not supply a ticket
- KRB5KRB_AP_WRONG_PRINC:  Wrong principal in request
- KRB5KRB_AP_ERR_TKT_INVALID:  Ticket has invalid flag set
- KRB5_PRINC_NOMATCH:  Requested principal and ticket don't match
- KRB5_KDCREP_MODIFIED:  KDC reply did not match expectations
- KRB5_KDCREP_SKEW:  Clock skew too great in KDC reply
- KRB5_IN_TKT_REALM_MISMATCH:  Client/server realm mismatch in initial
ticket request
- KRB5_PROG_ETYPE_NOSUPP:  Program lacks support for encryption type
- KRB5_PROG_KEYTYPE_NOSUPP:  Program lacks support for key type
- KRB5_WRONG_ETYPE:  Requested encryption type not used in message
- KRB5_PROG_SUMTYPE_NOSUPP:  Program lacks support for checksum type
- KRB5_REALM_UNKNOWN:  Cannot find KDC for requested realm
- KRB5_SERVICE_UNKNOWN:  Kerberos service unknown
- KRB5_KDC_UNREACH:  Cannot contact any KDC for requested realm
- KRB5_NO_LOCALNAME:  No local name found for principal name
- KRB5_MUTUAL_FAILED:  Mutual authentication failed
- KRB5_RC_TYPE_EXISTS:  Replay cache type is already registered
- KRB5_RC_MALLOC:  No more memory to allocate (in replay cache code)
- KRB5_RC_TYPE_NOTFOUND:  Replay cache type is unknown
- KRB5_RC_UNKNOWN:  Generic unknown RC error
- KRB5_RC_REPLAY:  Message is a replay
- KRB5_RC_IO:  Replay I/O operation failed XXX
- KRB5_RC_NOIO:  Replay cache type does not support non-volatile storage
- KRB5_RC_PARSE:  Replay cache name parse/format error
- KRB5_RC_IO_EOF:  End-of-file on replay cache I/O
- KRB5_RC_IO_MALLOC:  No more memory to allocate (in replay cache I/O
code)
- KRB5_RC_IO_PERM:  Permission denied in replay cache code
- KRB5_RC_IO_IO:  I/O error in replay cache i/o code
- KRB5_RC_IO_UNKNOWN:  Generic unknown RC/IO error
- KRB5_RC_IO_SPACE:  Insufficient system space to store replay information
- KRB5_TRANS_CANTOPEN:  Can't open/find realm translation file
- KRB5_TRANS_BADFORMAT:  Improper format of realm translation file
- KRB5_LNAME_CANTOPEN:  Can't open/find lname translation database
- KRB5_LNAME_NOTRANS:  No translation available for requested principal
- KRB5_LNAME_BADFORMAT:  Improper format of translation database entry
- KRB5_CRYPTO_INTERNAL:  Cryptosystem internal error
- KRB5_KT_BADNAME:  Key table name malformed
- KRB5_KT_UNKNOWN_TYPE:  Unknown Key table type
- KRB5_KT_NOTFOUND:  Key table entry not found
- KRB5_KT_END:  End of key table reached
- KRB5_KT_NOWRITE:  Cannot write to specified key table
- KRB5_KT_IOERR:  Error writing to key table
- KRB5_NO_TKT_IN_RLM:  Cannot find ticket for requested realm
- KRB5DES_BAD_KEYPAR:  DES key has bad parity
- KRB5DES_WEAK_KEY:  DES key is a weak key
- KRB5_BAD_ENCTYPE:  Bad encryption type
- KRB5_BAD_KEYSIZE:  Key size is incompatible with encryption type
- KRB5_BAD_MSIZE:  Message size is incompatible with encryption type
- KRB5_CC_TYPE_EXISTS:  Credentials cache type is already registered. 
- KRB5_KT_TYPE_EXISTS:  Key table type is already registered. 
- KRB5_CC_IO:  Credentials cache I/O operation failed XXX
- KRB5_FCC_PERM:  Credentials cache file permissions incorrect
- KRB5_FCC_NOFILE:  No credentials cache found
- KRB5_FCC_INTERNAL:  Internal credentials cache error
- KRB5_CC_WRITE:  Error writing to credentials cache
- KRB5_CC_NOMEM:  No more memory to allocate (in credentials cache code)
- KRB5_CC_FORMAT:  Bad format in credentials cache
- KRB5_INVALID_FLAGS:  Invalid KDC option combination (library internal
error) [for dual tgt library calls]
- KRB5_NO_2ND_TKT:  Request missing second ticket [for dual tgt library
calls]
- KRB5_NOCREDS_SUPPLIED:  No credentials supplied to library routine
- KRB5_SENDAUTH_BADAUTHVERS:  Bad sendauth version was sent
- KRB5_SENDAUTH_BADAPPLVERS:  Bad application version was sent (via
sendauth)
- KRB5_SENDAUTH_BADRESPONSE:  Bad response (during sendauth exchange)
- KRB5_SENDAUTH_REJECTED:  Server rejected authentication (during sendauth
exchange)
- KRB5_PREAUTH_BAD_TYPE:  Unsupported preauthentication type
- KRB5_PREAUTH_NO_KEY:  Required preauthentication key not supplied
- KRB5_PREAUTH_FAILED:  Generic preauthentication failure
- KRB5_RCACHE_BADVNO:  Unsupported replay cache format version number
- KRB5_CCACHE_BADVNO:  Unsupported credentials cache format version number
- KRB5_KEYTAB_BADVNO:  Unsupported key table format version number
- KRB5_PROG_ATYPE_NOSUPP:  Program lacks support for address type
- KRB5_RC_REQUIRED:  Message replay detection requires rcache parameter
- KRB5_ERR_BAD_HOSTNAME:  Hostname cannot be canonicalized
- KRB5_ERR_HOST_REALM_UNKNOWN:  Cannot determine realm for host
- KRB5_SNAME_UNSUPP_NAMETYPE:  Conversion to service principal undefined
for name type
- KRB5KRB_AP_ERR_V4_REPLY:  Initial Ticket response appears to be Version
4 error
- KRB5_REALM_CANT_RESOLVE:  Cannot resolve KDC for requested realm
- KRB5_TKT_NOT_FORWARDABLE:  Requesting ticket can't get forwardable
tickets
- KRB5_FWD_BAD_PRINCIPAL:  Bad principal name while trying to forward
credentials
- KRB5_GET_IN_TKT_LOOP:  Looping detected inside krb5_get_in_tkt
- KRB5_CONFIG_NODEFREALM:  Configuration file does not specify default realm
- KRB5_SAM_UNSUPPORTED:  Bad SAM flags in obtain_sam_padata
- KRB5_KT_NAME_TOOLONG: Keytab name too long
- KRB5_KT_KVNONOTFOUND: Key version number for principal in key table is incorrect
- KRB5_APPL_EXPIRED: This application has expired
- KRB5_LIB_EXPIRED: This Krb5 library has expired
- KRB5_CHPW_PWDNULL: New password cannot be zero length
- KRB5_CHPW_FAIL: Password change failed
- KRB5_KT_FORMAT: Bad format in keytab
- KRB5_NOPERM_ETYPE: Encryption type not permitted
- KRB5_CONFIG_ETYPE_NOSUPP: No supported encryption types (config file error?) 
- KRB5_OBSOLETE_FN: Program called an obsolete, deleted function
- KRB5_EAI_FAIL: unknown getaddrinfo failure
- KRB5_EAI_NODATA: no data available for host/domain name
- KRB5_EAI_NONAME: host/domain name not found
- KRB5_EAI_SERVICE: service name unknown
- KRB5_ERR_NUMERIC_REALM: Cannot determine realm for numeric host address