blob: ad90cac53bb219c82c290f6a6a4dc2eb575f196b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
|
\subsection{error_table krb5}
% $Source$
% $Author$
The Kerberos v5 library error code table follows.
Protocol error codes are ERROR_TABLE_BASE_krb5 + the protocol error
code number. Other error codes start at ERROR_TABLE_BASE_krb5 + 128.
\begin{small}
\begin{tabular}{ll}
{\sc krb5kdc_err_none }& No error \\
{\sc krb5kdc_err_name_exp }& Client's entry in database has expired \\
{\sc krb5kdc_err_service_exp }& Server's entry in database has expired \\
{\sc krb5kdc_err_bad_pvno }& Requested protocol version not supported \\
{\sc krb5kdc_err_c_old_mast_kvno }& \parbox[t]{2in}{Client's key is encrypted in an old master key} \\
{\sc krb5kdc_err_s_old_mast_kvno }& \parbox[t]{2in}{Server's key is encrypted in an old master key} \\
{\sc krb5kdc_err_c_principal_unknown }& Client not found in Kerberos database \\
{\sc krb5kdc_err_s_principal_unknown }& Server not found in Kerberos database \\
{\sc krb5kdc_err_principal_not_unique }&\parbox[t]{2in}{\raggedright{Principal has multiple entries in Kerberos database}} \\
{\sc krb5kdc_err_null_key }& Client or server has a null key \\
{\sc krb5kdc_err_cannot_postdate }& Ticket is ineligible for postdating \\
{\sc krb5kdc_err_never_valid }& \parbox[t]{2in}{Requested effective lifetime is negative or too short} \\
{\sc krb5kdc_err_policy }& KDC policy rejects request \\
{\sc krb5kdc_err_badoption }& KDC can't fulfill requested option \\
{\sc krb5kdc_err_etype_nosupp }& KDC has no support for encryption type \\
{\sc krb5kdc_err_sumtype_nosupp }& KDC has no support for checksum type \\
{\sc krb5kdc_err_padata_type_nosupp }& KDC has no support for padata type \\
{\sc krb5kdc_err_trtype_nosupp }& KDC has no support for transited type \\
{\sc krb5kdc_err_client_revoked }& Clients credentials have been revoked \\
{\sc krb5kdc_err_service_revoked }& Credentials for server have been revoked \\
{\sc krb5kdc_err_tgt_revoked }& TGT has been revoked \\
{\sc krb5kdc_err_client_notyet }& Client not yet valid - try again later \\
{\sc krb5kdc_err_service_notyet }& Server not yet valid - try again later \\
{\sc krb5kdc_err_key_exp }& Password has expired \\
{\sc krb5kdc_preauth_failed }& Preauthentication failed \\
{\sc krb5kdc_err_preauth_require }& Additional pre-authentication required \\
{\sc krb5kdc_err_server_nomatch }& Requested server and ticket don't match \\
\multicolumn{2}{c}{error codes 27-30 are currently placeholders}\\
\end{tabular}
\begin{tabular}{ll}
{\sc krb5krb_ap_err_bad_integrity }& Decrypt integrity check failed \\
{\sc krb5krb_ap_err_tkt_expired }& Ticket expired \\
{\sc krb5krb_ap_err_tkt_nyv }& Ticket not yet valid \\
{\sc krb5krb_ap_err_repeat }& Request is a replay \\
{\sc krb5krb_ap_err_not_us }& The ticket isn't for us \\
{\sc krb5krb_ap_err_badmatch }& Ticket/authenticator don't match \\
{\sc krb5krb_ap_err_skew }& Clock skew too great \\
{\sc krb5krb_ap_err_badaddr }& Incorrect net address \\
{\sc krb5krb_ap_err_badversion }& Protocol version mismatch \\
{\sc krb5krb_ap_err_msg_type }& Invalid message type \\
{\sc krb5krb_ap_err_modified }& Message stream modified \\
{\sc krb5krb_ap_err_badorder }& Message out of order \\
{\sc krb5placehold_43 }& KRB5 error code 43 \\
{\sc krb5krb_ap_err_badkeyver }& Key version is not available \\
{\sc krb5krb_ap_err_nokey }& Service key not available \\
{\sc krb5krb_ap_err_mut_fail }& Mutual authentication failed \\
{\sc krb5krb_ap_err_baddirection }& Incorrect message direction \\
{\sc krb5krb_ap_err_method }& Alternative authentication method required \\
{\sc krb5krb_ap_err_badseq }& Incorrect sequence number in message \\
{\sc krb5krb_ap_err_inapp_cksum }& Inappropriate type of checksum in message \\
\multicolumn{2}{c}{error codes 51-59 are currently placeholders} \\
{\sc krb5krb_err_generic }& Generic error (see e-text) \\
{\sc krb5krb_err_field_toolong }& Field is too long for this implementation \\
\multicolumn{2}{c}{error codes 62-127 are currently placeholders} \\
\end{tabular}
\begin{tabular}{ll}
{\sc krb5_libos_badlockflag }& Invalid flag for file lock mode \\
{\sc krb5_libos_cantreadpwd }& Cannot read password \\
{\sc krb5_libos_badpwdmatch }& Password mismatch \\
{\sc krb5_libos_pwdintr }& Password read interrupted \\
{\sc krb5_parse_illchar }& Illegal character in component name \\
{\sc krb5_parse_malformed }& Malformed representation of principal \\
{\sc krb5_config_cantopen }& Can't open/find configuration file \\
{\sc krb5_config_badformat }& Improper format of configuration file \\
{\sc krb5_config_notenufspace }& Insufficient space to return complete information \\
{\sc krb5_badmsgtype }& Invalid message type specified for encoding \\
{\sc krb5_cc_badname }& Credential cache name malformed \\
{\sc krb5_cc_unknown_type }& Unknown credential cache type \\
{\sc krb5_cc_notfound }& Matching credential not found \\
{\sc krb5_cc_end }& End of credential cache reached \\
{\sc krb5_no_tkt_supplied }& Request did not supply a ticket \\
{\sc krb5krb_ap_wrong_princ }& Wrong principal in request \\
{\sc krb5krb_ap_err_tkt_invalid }& Ticket has invalid flag set \\
{\sc krb5_princ_nomatch }& Requested principal and ticket don't match \\
{\sc krb5_kdcrep_modified }& KDC reply did not match expectations \\
{\sc krb5_kdcrep_skew }& Clock skew too great in KDC reply \\
{\sc krb5_in_tkt_realm_mismatch }&\parbox[t]{2.5 in}{Client/server realm
mismatch in initial ticket requst}\\
{\sc krb5_prog_etype_nosupp }& Program lacks support for encryption type \\
{\sc krb5_prog_keytype_nosupp }& Program lacks support for key type \\
{\sc krb5_wrong_etype }& Requested encryption type not used in message \\
{\sc krb5_prog_sumtype_nosupp }& Program lacks support for checksum type \\
{\sc krb5_realm_unknown }& Cannot find KDC for requested realm \\
{\sc krb5_service_unknown }& Kerberos service unknown \\
{\sc krb5_kdc_unreach }& Cannot contact any KDC for requested realm \\
{\sc krb5_no_localname }& No local name found for principal name \\
%\multicolumn{1}{c}{some of these should be combined/supplanted by system codes} \\
\end{tabular}
\begin{tabular}{ll}
{\sc krb5_rc_type_exists }& Replay cache type is already registered \\
{\sc krb5_rc_malloc }& No more memory to allocate (in replay cache code) \\
{\sc krb5_rc_type_notfound }& Replay cache type is unknown \\
{\sc krb5_rc_unknown }& Generic unknown RC error \\
{\sc krb5_rc_replay }& Message is a replay \\
{\sc krb5_rc_io }& Replay I/O operation failed XXX \\
{\sc krb5_rc_noio }& \parbox[t]{3in}{Replay cache type does not support non-volatile storage} \\
{\sc krb5_rc_parse }& Replay cache name parse/format error \\
{\sc krb5_rc_io_eof }& End-of-file on replay cache I/O \\
{\sc krb5_rc_io_malloc }& \parbox[t]{3in}{No more memory to allocate (in replay cache I/O code)}\\
{\sc krb5_rc_io_perm }& Permission denied in replay cache code \\
{\sc krb5_rc_io_io }& I/O error in replay cache i/o code \\
{\sc krb5_rc_io_unknown }& Generic unknown RC/IO error \\
{\sc krb5_rc_io_space }& Insufficient system space to store replay information \\
{\sc krb5_trans_cantopen }& Can't open/find realm translation file \\
{\sc krb5_trans_badformat }& Improper format of realm translation file \\
{\sc krb5_lname_cantopen }& Can't open/find lname translation database \\
{\sc krb5_lname_notrans }& No translation available for requested principal \\
{\sc krb5_lname_badformat }& Improper format of translation database entry \\
{\sc krb5_crypto_internal }& Cryptosystem internal error \\
{\sc krb5_kt_badname }& Key table name malformed \\
{\sc krb5_kt_unknown_type }& Unknown Key table type \\
{\sc krb5_kt_notfound }& Key table entry not found \\
{\sc krb5_kt_end }& End of key table reached \\
{\sc krb5_kt_nowrite }& Cannot write to specified key table \\
{\sc krb5_kt_ioerr }& Error writing to key table \\
{\sc krb5_no_tkt_in_rlm }& Cannot find ticket for requested realm \\
{\sc krb5des_bad_keypar }& DES key has bad parity \\
{\sc krb5des_weak_key }& DES key is a weak key \\
{\sc krb5_bad_keytype }& Keytype is incompatible with encryption type \\
{\sc krb5_bad_keysize }& Key size is incompatible with encryption type \\
{\sc krb5_bad_msize }& Message size is incompatible with encryption type \\
{\sc krb5_cc_type_exists }& Credentials cache type is already registered. \\
{\sc krb5_kt_type_exists }& Key table type is already registered. \\
{\sc krb5_cc_io }& Credentials cache I/O operation failed XXX \\
{\sc krb5_fcc_perm }& Credentials cache file permissions incorrect \\
{\sc krb5_fcc_nofile }& No credentials cache file found \\
{\sc krb5_fcc_internal }& Internal file credentials cache error \\
{\sc krb5_cc_nomem }& \parbox[t]{3in}{No more memory to allocate (in credentials cache code)}\\
\end{tabular}
\begin{tabular}{ll}
\multicolumn{2}{c}{errors for dual TGT library calls} \\
{\sc krb5_invalid_flags }& Invalid KDC option combination (library internal error) \\
{\sc krb5_no_2nd_tkt }& Request missing second ticket \\
{\sc krb5_nocreds_supplied }& No credentials supplied to library routine \\
\end{tabular}
\begin{tabular}{ll}
\multicolumn{2}{c}{errors for sendauth and recvauth} \\
{\sc krb5_sendauth_badauthvers }& Bad sendauth version was sent \\
{\sc krb5_sendauth_badapplvers }& Bad application version was sent (via sendauth) \\
{\sc krb5_sendauth_badresponse }& Bad response (during sendauth exchange) \\
{\sc krb5_sendauth_rejected }& Server rejected authentication\\
& \ (during sendauth exchange) \\
{\sc krb5_sendauth_mutual_failed }& Mutual authentication failed\\&\ (during sendauth exchange) \\
\end{tabular}
\begin{tabular}{ll}
\multicolumn{2}{c}{errors for preauthentication} \\
{\sc krb5_preauth_bad_type }& Unsupported preauthentication type \\
{\sc krb5_preauth_no_key }& Required preauthentication key not supplied \\
{\sc krb5_preauth_failed }& Generic preauthentication failure \\
\end{tabular}
\begin{tabular}{ll}
\multicolumn{2}{c}{version number errors} \\
{\sc krb5_rcache_badvno }& Unsupported replay cache format version number \\
{\sc krb5_ccache_badvno }& Unsupported credentials cache format version number \\
{\sc krb5_keytab_badvno }& Unsupported key table format version number \\
\end{tabular}
\begin{tabular}{ll}
\multicolumn{2}{c}{other errors} \\
{\sc krb5_prog_atype_nosupp }& Program lacks support for address type \\
{\sc krb5_rc_required }& Message replay detection requires\\&\ rcache parameter \\
{\sc krb5_err_bad_hostname }& Hostname cannot be canonicalized \\
{\sc krb5_err_host_realm_unknown }& Cannot determine realm for host \\
{\sc krb5_sname_unsupp_nametype }& Conversion to service principal undefined\\&\ for name type \\
{\sc krb5krb_ap_err_v4_reply }& Initial Ticket Response appears to be\\
&\ Version 4 error \\
{\sc krb5_realm_cant_resolve }& Cannot resolve KDC for requested realm \\
{\sc krb5_tkt_not_forwardable }& Requesting ticket can't get forwardable tickets \\
\end{tabular}
\end{small}
\subsection{error_table kdb5}
% $Source$
% $Author$
The Kerberos v5 database library error code table
\begin{small}
\begin{tabular}{ll}
\multicolumn{2}{c}{From the server side routines} \\
{\sc krb5_kdb_inuse }& Entry already exists in database\\
{\sc krb5_kdb_uk_serror }& Database store error\\
{\sc krb5_kdb_uk_rerror }& Database read error\\
{\sc krb5_kdb_unauth }& Insufficient access to perform requested operation\\
{\sc krb5_kdb_noentry }& No such entry in the database\\
{\sc krb5_kdb_ill_wildcard }& Illegal use of wildcard\\
{\sc krb5_kdb_db_inuse }& Database is locked or in use--try again later\\
{\sc krb5_kdb_db_changed }& Database was modified during read\\
{\sc krb5_kdb_truncated_record }& Database record is incomplete or corrupted\\
{\sc krb5_kdb_recursivelock }& Attempt to lock database twice\\
{\sc krb5_kdb_notlocked }& Attempt to unlock database when not locked\\
{\sc krb5_kdb_badlockmode }& Invalid kdb lock mode\\
{\sc krb5_kdb_dbnotinited }& Database has not been initialized\\
{\sc krb5_kdb_dbinited }& Database has already been initialized\\
{\sc krb5_kdb_illdirection }& Bad direction for converting keys\\
{\sc krb5_kdb_nomasterkey }& Cannot find master key record in database\\
{\sc krb5_kdb_badmasterkey }& Master key does not match database\\
{\sc krb5_kdb_invalidkeysize }& Key size in database is invalid\\
{\sc krb5_kdb_cantread_stored }& Cannot find/read stored master key\\
{\sc krb5_kdb_badstored_mkey }& Stored master key is corrupted\\
{\sc krb5_kdb_cantlock_db }& Insufficient access to lock database \\
{\sc krb5_kdb_db_corrupt }& Database format error\\
{\sc krb5_kdb_bad_version }& Unsupported version in database entry \\
\end{tabular}
\end{small}
% $Source$
% $Author$
\subsection{error_table kv5m}
The Kerberos v5 magic numbers errorcode table follows. These are used
for the magic numbers found in data structures.
\begin{small}
\begin{tabular}{ll}
{\sc kv5m_none }& Kerberos V5 magic number table \\
{\sc kv5m_principal }& Bad magic number for krb5_principal structure \\
{\sc kv5m_data }& Bad magic number for krb5_data structure \\
{\sc kv5m_keyblock }& Bad magic number for krb5_keyblock structure \\
{\sc kv5m_checksum }& Bad magic number for krb5_checksum structure \\
{\sc kv5m_encrypt_block }& Bad magic number for krb5_encrypt_block structure \\
{\sc kv5m_enc_data }& Bad magic number for krb5_enc_data structure \\
{\sc kv5m_cryptosystem_entry }& Bad magic number for krb5_cryptosystem_entry\\&\ structure \\
{\sc kv5m_cs_table_entry }& Bad magic number for krb5_cs_table_entry structure \\
{\sc kv5m_checksum_entry }& Bad magic number for krb5_checksum_entry structure \\
{\sc kv5m_authdata }& Bad magic number for krb5_authdata structure \\
{\sc kv5m_transited }& Bad magic number for krb5_transited structure \\
{\sc kv5m_enc_tkt_parT }& Bad magic number for krb5_enc_tkt_part structure \\
{\sc kv5m_ticket }& Bad magic number for krb5_ticket structure \\
{\sc kv5m_authenticator }& Bad magic number for krb5_authenticator structure \\
{\sc kv5m_tkt_authent }& Bad magic number for krb5_tkt_authent structure \\
{\sc kv5m_creds }& Bad magic number for krb5_creds structure \\
{\sc kv5m_last_req_entry }& Bad magic number for krb5_last_req_entry structure \\
{\sc kv5m_pa_data }& Bad magic number for krb5_pa_data structure \\
{\sc kv5m_kdc_req }& Bad magic number for krb5_kdc_req structure \\
{\sc kv5m_enc_kdc_rep_part }& Bad magic number for krb5_enc_kdc_rep_part structure \\
{\sc kv5m_kdc_rep }& Bad magic number for krb5_kdc_rep structure \\
{\sc kv5m_error }& Bad magic number for krb5_error structure \\
{\sc kv5m_ap_req }& Bad magic number for krb5_ap_req structure \\
{\sc kv5m_ap_rep }& Bad magic number for krb5_ap_rep structure \\
{\sc kv5m_ap_rep_enc_part }& Bad magic number for krb5_ap_rep_enc_part structure \\
{\sc kv5m_response }& Bad magic number for krb5_response structure \\
{\sc kv5m_safe }& Bad magic number for krb5_safe structure \\
{\sc kv5m_priv }& Bad magic number for krb5_priv structure \\
{\sc kv5m_priv_enc_part }& Bad magic number for krb5_priv_enc_part structure \\
{\sc kv5m_cred }& Bad magic number for krb5_cred structure \\
{\sc kv5m_cred_info }& Bad magic number for krb5_cred_info structure \\
{\sc kv5m_cred_enc_part }& Bad magic number for krb5_cred_enc_part structure \\
{\sc kv5m_pwd_data }& Bad magic number for krb5_pwd_data structure \\
{\sc kv5m_address }& Bad magic number for krb5_address structure \\
{\sc kv5m_keytab_entry }& Bad magic number for krb5_keytab_entry structure \\
{\sc kv5m_context }& Bad magic number for krb5_context structure \\
{\sc kv5m_os_context }& Bad magic number for krb5_os_context structure \\
\end{tabular}
\end{small}
\subsection{error_table asn1}
The Kerberos v5/ASN.1 error table mappings
\begin{small}
\begin{tabular}{ll}
{\sc asn1_bad_timeformat }& ASN.1 failed call to system time library \\
{\sc asn1_missing_field }& ASN.1 structure is missing a required field \\
{\sc asn1_misplaced_field }& ASN.1 unexpected field number \\
{\sc asn1_type_mismatch }& ASN.1 type numbers are inconsistent \\
{\sc asn1_overflow }& ASN.1 value too large \\
{\sc asn1_overrun }& ASN.1 encoding ended unexpectedly \\
{\sc asn1_bad_id }& ASN.1 identifier doesn't match expected value \\
{\sc asn1_bad_length }& ASN.1 length doesn't match expected value \\
{\sc asn1_bad_format }& ASN.1 badly-formatted encoding \\
{\sc asn1_parse_error }& ASN.1 parse error \\
\end{tabular}
\end{small}
|
