\subsection{error_table krb5}
The Kerberos v5 library error code table follows.
Protocol error codes are ERROR_TABLE_BASE_krb5 + the protocol error
code number. Other error codes start at ERROR_TABLE_BASE_krb5 + 128.
\begin{small}
\begin{tabular}{ll}
{\sc krb5kdc_err_none }& No error \\
{\sc krb5kdc_err_name_exp }& Client's entry in database has expired \\
{\sc krb5kdc_err_service_exp }& Server's entry in database has expired \\
{\sc krb5kdc_err_bad_pvno }& Requested protocol version not supported \\
{\sc krb5kdc_err_c_old_mast_kvno }& \parbox[t]{2in}{Client's key is encrypted in an old master key} \\
{\sc krb5kdc_err_s_old_mast_kvno }& \parbox[t]{2in}{Server's key is encrypted in an old master key} \\
{\sc krb5kdc_err_c_principal_unknown }& Client not found in Kerberos database \\
{\sc krb5kdc_err_s_principal_unknown }& Server not found in Kerberos database \\
{\sc krb5kdc_err_principal_not_unique }&\parbox[t]{2in}{\raggedright{Principal has multiple entries in Kerberos database}} \\
{\sc krb5kdc_err_null_key }& Client or server has a null key \\
{\sc krb5kdc_err_cannot_postdate }& Ticket is ineligible for postdating \\
{\sc krb5kdc_err_never_valid }& \parbox[t]{2in}{Requested effective lifetime is negative or too short} \\
{\sc krb5kdc_err_policy }& KDC policy rejects request \\
{\sc krb5kdc_err_badoption }& KDC can't fulfill requested option \\
{\sc krb5kdc_err_etype_nosupp }& KDC has no support for encryption type \\
{\sc krb5kdc_err_sumtype_nosupp }& KDC has no support for checksum type \\
{\sc krb5kdc_err_padata_type_nosupp }& KDC has no support for padata type \\
{\sc krb5kdc_err_trtype_nosupp }& KDC has no support for transited type \\
{\sc krb5kdc_err_client_revoked }& Clients credentials have been revoked \\
{\sc krb5kdc_err_service_revoked }& Credentials for server have been revoked \\
{\sc krb5kdc_err_tgt_revoked }& TGT has been revoked \\
{\sc krb5kdc_err_client_notyet }& Client not yet valid - try again later \\
{\sc krb5kdc_err_service_notyet }& Server not yet valid - try again later \\
{\sc krb5kdc_err_key_exp }& Password has expired \\
{\sc krb5kdc_preauth_failed }& Preauthentication failed \\
{\sc krb5kdc_err_preauth_require }& Additional pre-authentication required \\
{\sc krb5kdc_err_server_nomatch }& Requested server and ticket don't match \\
\multicolumn{2}{c}{error codes 27-30 are currently placeholders}\\
\end{tabular}
\begin{tabular}{ll}
{\sc krb5krb_ap_err_bad_integrity }& Decrypt integrity check failed \\
{\sc krb5krb_ap_err_tkt_expired }& Ticket expired \\
{\sc krb5krb_ap_err_tkt_nyv }& Ticket not yet valid \\
{\sc krb5krb_ap_err_repeat }& Request is a replay \\
{\sc krb5krb_ap_err_not_us }& The ticket isn't for us \\
{\sc krb5krb_ap_err_badmatch }& Ticket/authenticator don't match \\
{\sc krb5krb_ap_err_skew }& Clock skew too great \\
{\sc krb5krb_ap_err_badaddr }& Incorrect net address \\
{\sc krb5krb_ap_err_badversion }& Protocol version mismatch \\
{\sc krb5krb_ap_err_msg_type }& Invalid message type \\
{\sc krb5krb_ap_err_modified }& Message stream modified \\
{\sc krb5krb_ap_err_badorder }& Message out of order \\
{\sc krb5placehold_43 }& KRB5 error code 43 \\
{\sc krb5krb_ap_err_badkeyver }& Key version is not available \\
{\sc krb5krb_ap_err_nokey }& Service key not available \\
{\sc krb5krb_ap_err_mut_fail }& Mutual authentication failed \\
{\sc krb5krb_ap_err_baddirection }& Incorrect message direction \\
{\sc krb5krb_ap_err_method }& Alternative authentication method required \\
{\sc krb5krb_ap_err_badseq }& Incorrect sequence number in message \\
{\sc krb5krb_ap_err_inapp_cksum }& Inappropriate type of checksum in message \\
\multicolumn{2}{c}{error codes 51-59 are currently placeholders} \\
{\sc krb5krb_err_generic }& Generic error (see e-text) \\
{\sc krb5krb_err_field_toolong }& Field is too long for this implementation \\
\multicolumn{2}{c}{error codes 62-127 are currently placeholders} \\
\end{tabular}
\begin{tabular}{ll}
{\sc krb5_libos_badlockflag }& Invalid flag for file lock mode \\
{\sc krb5_libos_cantreadpwd }& Cannot read password \\
{\sc krb5_libos_badpwdmatch }& Password mismatch \\
{\sc krb5_libos_pwdintr }& Password read interrupted \\
{\sc krb5_parse_illchar }& Illegal character in component name \\
{\sc krb5_parse_malformed }& Malformed representation of principal \\
{\sc krb5_config_cantopen }& Can't open/find configuration file \\
{\sc krb5_config_badformat }& Improper format of configuration file \\
{\sc krb5_config_notenufspace }& Insufficient space to return complete information \\
{\sc krb5_badmsgtype }& Invalid message type specified for encoding \\
{\sc krb5_cc_badname }& Credential cache name malformed \\
{\sc krb5_cc_unknown_type }& Unknown credential cache type \\
{\sc krb5_cc_notfound }& Matching credential not found \\
{\sc krb5_cc_end }& End of credential cache reached \\
{\sc krb5_no_tkt_supplied }& Request did not supply a ticket \\
{\sc krb5krb_ap_wrong_princ }& Wrong principal in request \\
{\sc krb5krb_ap_err_tkt_invalid }& Ticket has invalid flag set \\
{\sc krb5_princ_nomatch }& Requested principal and ticket don't match \\
{\sc krb5_kdcrep_modified }& KDC reply did not match expectations \\
{\sc krb5_kdcrep_skew }& Clock skew too great in KDC reply \\
{\sc krb5_in_tkt_realm_mismatch }&\parbox[t]{2.5 in}{Client/server realm
mismatch in initial ticket requst}\\
{\sc krb5_prog_etype_nosupp }& Program lacks support for encryption type \\
{\sc krb5_prog_keytype_nosupp }& Program lacks support for key type \\
{\sc krb5_wrong_etype }& Requested encryption type not used in message \\
{\sc krb5_prog_sumtype_nosupp }& Program lacks support for checksum type \\
{\sc krb5_realm_unknown }& Cannot find KDC for requested realm \\
{\sc krb5_service_unknown }& Kerberos service unknown \\
{\sc krb5_kdc_unreach }& Cannot contact any KDC for requested realm \\
{\sc krb5_no_localname }& No local name found for principal name \\
\end{tabular}
\begin{tabular}{ll}
{\sc krb5_rc_type_exists }& Replay cache type is already registered \\
{\sc krb5_rc_malloc }& No more memory to allocate (in replay cache code) \\
{\sc krb5_rc_type_notfound }& Replay cache type is unknown \\
{\sc krb5_rc_unknown }& Generic unknown RC error \\
{\sc krb5_rc_replay }& Message is a replay \\
{\sc krb5_rc_io }& Replay I/O operation failed XXX \\
{\sc krb5_rc_noio }& \parbox[t]{3in}{Replay cache type does not support non-volatile storage} \\
{\sc krb5_rc_parse }& Replay cache name parse/format error \\
{\sc krb5_rc_io_eof }& End-of-file on replay cache I/O \\
{\sc krb5_rc_io_malloc }& \parbox[t]{3in}{No more memory to allocate (in replay cache I/O code)}\\
{\sc krb5_rc_io_perm }& Permission denied in replay cache code \\
{\sc krb5_rc_io_io }& I/O error in replay cache i/o code \\
{\sc krb5_rc_io_unknown }& Generic unknown RC/IO error \\
{\sc krb5_rc_io_space }& Insufficient system space to store replay information \\
{\sc krb5_trans_cantopen }& Can't open/find realm translation file \\
{\sc krb5_trans_badformat }& Improper format of realm translation file \\
{\sc krb5_lname_cantopen }& Can't open/find lname translation database \\
{\sc krb5_lname_notrans }& No translation available for requested principal \\
{\sc krb5_lname_badformat }& Improper format of translation database entry \\
{\sc krb5_crypto_internal }& Cryptosystem internal error \\
{\sc krb5_kt_badname }& Key table name malformed \\
{\sc krb5_kt_unknown_type }& Unknown Key table type \\
{\sc krb5_kt_notfound }& Key table entry not found \\
{\sc krb5_kt_end }& End of key table reached \\
{\sc krb5_kt_nowrite }& Cannot write to specified key table \\
{\sc krb5_kt_ioerr }& Error writing to key table \\
{\sc krb5_no_tkt_in_rlm }& Cannot find ticket for requested realm \\
{\sc krb5des_bad_keypar }& DES key has bad parity \\
{\sc krb5des_weak_key }& DES key is a weak key \\
{\sc krb5_bad_keytype }& Keytype is incompatible with encryption type \\
{\sc krb5_bad_keysize }& Key size is incompatible with encryption type \\
{\sc krb5_bad_msize }& Message size is incompatible with encryption type \\
{\sc krb5_cc_type_exists }& Credentials cache type is already registered. \\
{\sc krb5_kt_type_exists }& Key table type is already registered. \\
{\sc krb5_cc_io }& Credentials cache I/O operation failed XXX \\
{\sc krb5_fcc_perm }& Credentials cache file permissions incorrect \\
{\sc krb5_fcc_nofile }& No credentials cache file found \\
{\sc krb5_fcc_internal }& Internal file credentials cache error \\
{\sc krb5_cc_nomem }& \parbox[t]{3in}{No more memory to allocate (in credentials cache code)}\\
\end{tabular}
\begin{tabular}{ll}
\multicolumn{2}{c}{errors for dual TGT library calls} \\
{\sc krb5_invalid_flags }& Invalid KDC option combination (library internal error) \\
{\sc krb5_no_2nd_tkt }& Request missing second ticket \\
{\sc krb5_nocreds_supplied }& No credentials supplied to library routine \\
\end{tabular}
\begin{tabular}{ll}
\multicolumn{2}{c}{errors for sendauth and recvauth} \\
{\sc krb5_sendauth_badauthvers }& Bad sendauth version was sent \\
{\sc krb5_sendauth_badapplvers }& Bad application version was sent (via sendauth) \\
{\sc krb5_sendauth_badresponse }& Bad response (during sendauth exchange) \\
{\sc krb5_sendauth_rejected }& Server rejected authentication\\
& \ (during sendauth exchange) \\
{\sc krb5_sendauth_mutual_failed }& Mutual authentication failed\\&\ (during sendauth exchange) \\
\end{tabular}
\begin{tabular}{ll}
\multicolumn{2}{c}{errors for preauthentication} \\
{\sc krb5_preauth_bad_type }& Unsupported preauthentication type \\
{\sc krb5_preauth_no_key }& Required preauthentication key not supplied \\
{\sc krb5_preauth_failed }& Generic preauthentication failure \\
\end{tabular}
\begin{tabular}{ll}
\multicolumn{2}{c}{version number errors} \\
{\sc krb5_rcache_badvno }& Unsupported replay cache format version number \\
{\sc krb5_ccache_badvno }& Unsupported credentials cache format version number \\
{\sc krb5_keytab_badvno }& Unsupported key table format version number \\
\end{tabular}
\begin{tabular}{ll}
\multicolumn{2}{c}{other errors} \\
{\sc krb5_prog_atype_nosupp }& Program lacks support for address type \\
{\sc krb5_rc_required }& Message replay detection requires\\&\ rcache parameter \\
{\sc krb5_err_bad_hostname }& Hostname cannot be canonicalized \\
{\sc krb5_err_host_realm_unknown }& Cannot determine realm for host \\
{\sc krb5_sname_unsupp_nametype }& Conversion to service principal undefined\\&\ for name type \\
{\sc krb5krb_ap_err_v4_reply }& Initial Ticket Response appears to be\\
&\ Version 4 error \\
{\sc krb5_realm_cant_resolve }& Cannot resolve KDC for requested realm \\
{\sc krb5_tkt_not_forwardable }& Requesting ticket can't get forwardable tickets \\
\end{tabular}
\end{small}
\subsection{error_table kdb5}
The Kerberos v5 database library error code table
\begin{small}
\begin{tabular}{ll}
\multicolumn{2}{c}{From the server side routines} \\
{\sc krb5_kdb_inuse }& Entry already exists in database\\
{\sc krb5_kdb_uk_serror }& Database store error\\
{\sc krb5_kdb_uk_rerror }& Database read error\\
{\sc krb5_kdb_unauth }& Insufficient access to perform requested operation\\
{\sc krb5_kdb_noentry }& No such entry in the database\\
{\sc krb5_kdb_ill_wildcard }& Illegal use of wildcard\\
{\sc krb5_kdb_db_inuse }& Database is locked or in use--try again later\\
{\sc krb5_kdb_db_changed }& Database was modified during read\\
{\sc krb5_kdb_truncated_record }& Database record is incomplete or corrupted\\
{\sc krb5_kdb_recursivelock }& Attempt to lock database twice\\
{\sc krb5_kdb_notlocked }& Attempt to unlock database when not locked\\
{\sc krb5_kdb_badlockmode }& Invalid kdb lock mode\\
{\sc krb5_kdb_dbnotinited }& Database has not been initialized\\
{\sc krb5_kdb_dbinited }& Database has already been initialized\\
{\sc krb5_kdb_illdirection }& Bad direction for converting keys\\
{\sc krb5_kdb_nomasterkey }& Cannot find master key record in database\\
{\sc krb5_kdb_badmasterkey }& Master key does not match database\\
{\sc krb5_kdb_invalidkeysize }& Key size in database is invalid\\
{\sc krb5_kdb_cantread_stored }& Cannot find/read stored master key\\
{\sc krb5_kdb_badstored_mkey }& Stored master key is corrupted\\
{\sc krb5_kdb_cantlock_db }& Insufficient access to lock database \\
{\sc krb5_kdb_db_corrupt }& Database format error\\
{\sc krb5_kdb_bad_version }& Unsupported version in database entry \\
\end{tabular}
\end{small}
\subsection{error_table kv5m}
The Kerberos v5 magic numbers errorcode table follows. These are used
for the magic numbers found in data structures.
\begin{small}
\begin{tabular}{ll}
{\sc kv5m_none }& Kerberos V5 magic number table \\
{\sc kv5m_principal }& Bad magic number for krb5_principal structure \\
{\sc kv5m_data }& Bad magic number for krb5_data structure \\
{\sc kv5m_keyblock }& Bad magic number for krb5_keyblock structure \\
{\sc kv5m_checksum }& Bad magic number for krb5_checksum structure \\
{\sc kv5m_encrypt_block }& Bad magic number for krb5_encrypt_block structure \\
{\sc kv5m_enc_data }& Bad magic number for krb5_enc_data structure \\
{\sc kv5m_cryptosystem_entry }& Bad magic number for krb5_cryptosystem_entry\\&\ structure \\
{\sc kv5m_cs_table_entry }& Bad magic number for krb5_cs_table_entry structure \\
{\sc kv5m_checksum_entry }& Bad magic number for krb5_checksum_entry structure \\
{\sc kv5m_authdata }& Bad magic number for krb5_authdata structure \\
{\sc kv5m_transited }& Bad magic number for krb5_transited structure \\
{\sc kv5m_enc_tkt_parT }& Bad magic number for krb5_enc_tkt_part structure \\
{\sc kv5m_ticket }& Bad magic number for krb5_ticket structure \\
{\sc kv5m_authenticator }& Bad magic number for krb5_authenticator structure \\
{\sc kv5m_tkt_authent }& Bad magic number for krb5_tkt_authent structure \\
{\sc kv5m_creds }& Bad magic number for krb5_creds structure \\
{\sc kv5m_last_req_entry }& Bad magic number for krb5_last_req_entry structure \\
{\sc kv5m_pa_data }& Bad magic number for krb5_pa_data structure \\
{\sc kv5m_kdc_req }& Bad magic number for krb5_kdc_req structure \\
{\sc kv5m_enc_kdc_rep_part }& Bad magic number for krb5_enc_kdc_rep_part structure \\
{\sc kv5m_kdc_rep }& Bad magic number for krb5_kdc_rep structure \\
{\sc kv5m_error }& Bad magic number for krb5_error structure \\
{\sc kv5m_ap_req }& Bad magic number for krb5_ap_req structure \\
{\sc kv5m_ap_rep }& Bad magic number for krb5_ap_rep structure \\
{\sc kv5m_ap_rep_enc_part }& Bad magic number for krb5_ap_rep_enc_part structure \\
{\sc kv5m_response }& Bad magic number for krb5_response structure \\
{\sc kv5m_safe }& Bad magic number for krb5_safe structure \\
{\sc kv5m_priv }& Bad magic number for krb5_priv structure \\
{\sc kv5m_priv_enc_part }& Bad magic number for krb5_priv_enc_part structure \\
{\sc kv5m_cred }& Bad magic number for krb5_cred structure \\
{\sc kv5m_cred_info }& Bad magic number for krb5_cred_info structure \\
{\sc kv5m_cred_enc_part }& Bad magic number for krb5_cred_enc_part structure \\
{\sc kv5m_pwd_data }& Bad magic number for krb5_pwd_data structure \\
{\sc kv5m_address }& Bad magic number for krb5_address structure \\
{\sc kv5m_keytab_entry }& Bad magic number for krb5_keytab_entry structure \\
{\sc kv5m_context }& Bad magic number for krb5_context structure \\
{\sc kv5m_os_context }& Bad magic number for krb5_os_context structure \\
\end{tabular}
\end{small}
\subsection{error_table asn1}
The Kerberos v5/ASN.1 error table mappings
\begin{small}
\begin{tabular}{ll}
{\sc asn1_bad_timeformat }& ASN.1 failed call to system time library \\
{\sc asn1_missing_field }& ASN.1 structure is missing a required field \\
{\sc asn1_misplaced_field }& ASN.1 unexpected field number \\
{\sc asn1_type_mismatch }& ASN.1 type numbers are inconsistent \\
{\sc asn1_overflow }& ASN.1 value too large \\
{\sc asn1_overrun }& ASN.1 encoding ended unexpectedly \\
{\sc asn1_bad_id }& ASN.1 identifier doesn't match expected value \\
{\sc asn1_bad_length }& ASN.1 length doesn't match expected value \\
{\sc asn1_bad_format }& ASN.1 badly-formatted encoding \\
{\sc asn1_parse_error }& ASN.1 parse error \\
\end{tabular}
\end{small}