The Kerberos v5 library error code table follows. Protocol error codes are ERROR_TABLE_BASE_krb5 + the protocol error code number. Other error codes start at ERROR_TABLE_BASE_krb5 + 128.
KRB5KDC_ERR_NONE | No error |
KRB5KDC_ERR_NAME_EXP | Client's entry in database has expired |
KRB5KDC_ERR_SERVICE_EXP | Server's entry in database has expired |
KRB5KDC_ERR_BAD_PVNO | Requested protocol version not supported |
KRB5KDC_ERR_C_OLD_MAST_KVNO | Client's key is encrypted in an old master key |
KRB5KDC_ERR_S_OLD_MAST_KVNO | Server's key is encrypted in an old master key |
KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN | Client not found in Kerberos database |
KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN | Server not found in Kerberos database |
KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE | Principal has multiple entries in Kerberos database |
KRB5KDC_ERR_NULL_KEY | Client or server has a null key |
KRB5KDC_ERR_CANNOT_POSTDATE | Ticket is ineligible for postdating |
KRB5KDC_ERR_NEVER_VALID | Requested effective lifetime is negative or too short |
KRB5KDC_ERR_POLICY | KDC policy rejects request |
KRB5KDC_ERR_BADOPTION | KDC can't fulfill requested option |
KRB5KDC_ERR_ETYPE_NOSUPP | KDC has no support for encryption type |
KRB5KDC_ERR_SUMTYPE_NOSUPP | KDC has no support for checksum type |
KRB5KDC_ERR_PADATA_TYPE_NOSUPP | KDC has no support for padata type |
KRB5KDC_ERR_TRTYPE_NOSUPP | KDC has no support for transited type |
KRB5KDC_ERR_CLIENT_REVOKED | Clients credentials have been revoked |
KRB5KDC_ERR_SERVICE_REVOKED | Credentials for server have been revoked |
KRB5KDC_ERR_TGT_REVOKED | TGT has been revoked |
KRB5KDC_ERR_CLIENT_NOTYET | Client not yet valid - try again later |
KRB5KDC_ERR_SERVICE_NOTYET | Server not yet valid - try again later |
KRB5KDC_ERR_KEY_EXP | Password has expired |
KRB5KDC_PREAUTH_FAILED | Preauthentication failed |
KRB5KDC_ERR_PREAUTH_REQUIRE | Additional pre-authentication required |
KRB5KDC_ERR_SERVER_NOMATCH | Requested server and ticket don't match |
error codes 27-30 are currently placeholders | |
KRB5KRB_AP_ERR_BAD_INTEGRITY | Decrypt integrity check failed |
KRB5KRB_AP_ERR_TKT_EXPIRED | Ticket expired |
KRB5KRB_AP_ERR_TKT_NYV | Ticket not yet valid |
KRB5KRB_AP_ERR_REPEAT | Request is a replay |
KRB5KRB_AP_ERR_NOT_US | The ticket isn't for us |
KRB5KRB_AP_ERR_BADMATCH | Ticket/authenticator don't match |
KRB5KRB_AP_ERR_SKEW | Clock skew too great |
KRB5KRB_AP_ERR_BADADDR | Incorrect net address |
KRB5KRB_AP_ERR_BADVERSION | Protocol version mismatch |
KRB5KRB_AP_ERR_MSG_TYPE | Invalid message type |
KRB5KRB_AP_ERR_MODIFIED | Message stream modified |
KRB5KRB_AP_ERR_BADORDER | Message out of order |
KRB5PLACEHOLD_43 | KRB5 error code 43 |
KRB5KRB_AP_ERR_BADKEYVER | Key version is not available |
KRB5KRB_AP_ERR_NOKEY | Service key not available |
KRB5KRB_AP_ERR_MUT_FAIL | Mutual authentication failed |
KRB5KRB_AP_ERR_BADDIRECTION | Incorrect message direction |
KRB5KRB_AP_ERR_METHOD | Alternative authentication method required |
KRB5KRB_AP_ERR_BADSEQ | Incorrect sequence number in message |
KRB5KRB_AP_ERR_INAPP_CKSUM | Inappropriate type of checksum in message |
error codes 51-59 are currently placeholders | |
KRB5KRB_ERR_GENERIC | Generic error (see e-text) |
KRB5KRB_ERR_FIELD_TOOLONG | Field is too long for this implementation |
error codes 62-127 are currently placeholders | |
KRB5_LIBOS_BADLOCKFLAG | Invalid flag for file lock mode |
KRB5_LIBOS_CANTREADPWD | Cannot read password |
KRB5_LIBOS_BADPWDMATCH | Password mismatch |
KRB5_LIBOS_PWDINTR | Password read interrupted |
KRB5_PARSE_ILLCHAR | Illegal character in component name |
KRB5_PARSE_MALFORMED | Malformed representation of principal |
KRB5_CONFIG_CANTOPEN | Can't open/find configuration file |
KRB5_CONFIG_BADFORMAT | Improper format of configuration file |
KRB5_CONFIG_NOTENUFSPACE | Insufficient space to return complete information |
KRB5_BADMSGTYPE | Invalid message type specified for encoding |
KRB5_CC_BADNAME | Credential cache name malformed |
KRB5_CC_UNKNOWN_TYPE | Unknown credential cache type |
KRB5_CC_NOTFOUND | Matching credential not found |
KRB5_CC_END | End of credential cache reached |
KRB5_NO_TKT_SUPPLIED | Request did not supply a ticket |
KRB5KRB_AP_WRONG_PRINC | Wrong principal in request |
KRB5KRB_AP_ERR_TKT_INVALID | Ticket has invalid flag set |
KRB5_PRINC_NOMATCH | Requested principal and ticket don't match |
KRB5_KDCREP_MODIFIED | KDC reply did not match expectations |
KRB5_KDCREP_SKEW | Clock skew too great in KDC reply |
KRB5_IN_TKT_REALM_MISMATCH | Client/server realm mismatch in initial ticket request |
KRB5_PROG_ETYPE_NOSUPP | Program lacks support for encryption type |
KRB5_PROG_KEYTYPE_NOSUPP | Program lacks support for key type |
KRB5_WRONG_ETYPE | Requested encryption type not used in message |
KRB5_PROG_SUMTYPE_NOSUPP | Program lacks support for checksum type |
KRB5_REALM_UNKNOWN | Cannot find KDC for requested realm |
KRB5_SERVICE_UNKNOWN | Kerberos service unknown |
KRB5_KDC_UNREACH | Cannot contact any KDC for requested realm |
KRB5_NO_LOCALNAME | No local name found for principal name |
KRB5_RC_TYPE_EXISTS | Replay cache type is already registered |
KRB5_RC_MALLOC | No more memory to allocate (in replay cache code) |
KRB5_RC_TYPE_NOTFOUND | Replay cache type is unknown |
KRB5_RC_UNKNOWN | Generic unknown RC error |
KRB5_RC_REPLAY | Message is a replay |
KRB5_RC_IO | Replay I/O operation failed XXX |
KRB5_RC_NOIO | Replay cache type does not support non-volatile storage |
KRB5_RC_PARSE | Replay cache name parse/format error |
KRB5_RC_IO_EOF | End-of-file on replay cache I/O |
KRB5_RC_IO_MALLOC | No more memory to allocate (in replay cache I/O code) |
KRB5_RC_IO_PERM | Permission denied in replay cache code |
KRB5_RC_IO_IO | I/O error in replay cache i/o code |
KRB5_RC_IO_UNKNOWN | Generic unknown RC/IO error |
KRB5_RC_IO_SPACE | Insufficient system space to store replay information |
KRB5_TRANS_CANTOPEN | Can't open/find realm translation file |
KRB5_TRANS_BADFORMAT | Improper format of realm translation file |
KRB5_LNAME_CANTOPEN | Can't open/find lname translation database |
KRB5_LNAME_NOTRANS | No translation available for requested principal |
KRB5_LNAME_BADFORMAT | Improper format of translation database entry |
KRB5_CRYPTO_INTERNAL | Cryptosystem internal error |
KRB5_KT_BADNAME | Key table name malformed |
KRB5_KT_UNKNOWN_TYPE | Unknown Key table type |
KRB5_KT_NOTFOUND | Key table entry not found |
KRB5_KT_END | End of key table reached |
KRB5_KT_NOWRITE | Cannot write to specified key table |
KRB5_KT_IOERR | Error writing to key table |
KRB5_NO_TKT_IN_RLM | Cannot find ticket for requested realm |
KRB5DES_BAD_KEYPAR | DES key has bad parity |
KRB5DES_WEAK_KEY | DES key is a weak key |
KRB5_BAD_KEYTYPE | Keytype is incompatible with encryption type |
KRB5_BAD_KEYSIZE | Key size is incompatible with encryption type |
KRB5_BAD_MSIZE | Message size is incompatible with encryption type |
KRB5_CC_TYPE_EXISTS | Credentials cache type is already registered. |
KRB5_KT_TYPE_EXISTS | Key table type is already registered. |
KRB5_CC_IO | Credentials cache I/O operation failed XXX |
KRB5_FCC_PERM | Credentials cache file permissions incorrect |
KRB5_FCC_NOFILE | No credentials cache file found |
KRB5_FCC_INTERNAL | Internal file credentials cache error |
KRB5_CC_NOMEM | No more memory to allocate (in credentials cache code) |
errors for dual TGT library calls | |
KRB5_INVALID_FLAGS | Invalid KDC option combination (library internal error) |
KRB5_NO_2ND_TKT | Request missing second ticket |
KRB5_NOCREDS_SUPPLIED | No credentials supplied to library routine |
errors for sendauth and recvauth | |
KRB5_SENDAUTH_BADAUTHVERS | Bad sendauth version was sent |
KRB5_SENDAUTH_BADAPPLVERS | Bad application version was sent (via sendauth) |
KRB5_SENDAUTH_BADRESPONSE | Bad response (during sendauth exchange) |
KRB5_SENDAUTH_REJECTED | Server rejected authentication (during sendauth exchange) |
KRB5_SENDAUTH_MUTUAL_FAILED | Mutual authentication failed (during sendauth exchange) |
errors for preauthentication | |
KRB5_PREAUTH_BAD_TYPE | Unsupported preauthentication type |
KRB5_PREAUTH_NO_KEY | Required preauthentication key not supplied |
KRB5_PREAUTH_FAILED | Generic preauthentication failure |
version number errors | |
KRB5_RCACHE_BADVNO | Unsupported replay cache format version number |
KRB5_CCACHE_BADVNO | Unsupported credentials cache format version number |
KRB5_KEYTAB_BADVNO | Unsupported key table format version number |
other errors | |
KRB5_PROG_ATYPE_NOSUPP | Program lacks support for address type |
KRB5_RC_REQUIRED | Message replay detection requires rcache parameter |
KRB5_ERR_BAD_HOSTNAME | Hostname cannot be canonicalized |
KRB5_ERR_HOST_REALM_UNKNOWN | Cannot determine realm for host |
KRB5_SNAME_UNSUPP_NAMETYPE | Conversion to service principal undefined for name type |
KRB5KRB_AP_ERR_V4_REPLY | Initial Ticket Response appears to be Version 4 error |
KRB5_REALM_CANT_RESOLVE | Cannot resolve KDC for requested realm |
KRB5_TKT_NOT_FORWARDABLE | Requesting ticket can't get forwardable tickets |