Appendix A. CSP-Kerberos Files and Error Messages
Prev   Next

Appendix A. CSP-Kerberos Files and Error Messages

The definition files and error messages listed in this chapter are shipped by default with CSP-Kerberos. The same example realm and domain names used in the text have been used in these examples.

CSP-Kerberos Files

The krb5.conf File

Normally, you should install your krb5.conf file in the directory /etc. However, note that you can override this default through the environment variable KRB5_CONFIG.

Here is an example of a generic krb5.conf file:

[libdefaults]
ticket_lifetime = 600
default_realm = yoursite.com
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
[realms]
yoursite.com = {
kdc = KDCSERVER.yoursite.com:88
kdc = KDCSLAVE1.yoursite.com:88
kdc = KDCSLAVE2.yoursite.com:88
admin_server = KDCSERVER.yoursite.com:749
default_domain = yoursite.com
}
}
[domain_realm]
.yoursite.com = yoursite.com
 yoursite.com = yoursite.com
[logging]
kdc = FILE:/dev/ttyp9
admin_server = FILE:/dev/ttyp9
default = FILE:/dev/ttyp9

Here is an example of a more extensive krb5.conf file, which includes a second CSP-Kerberos realm and authentication to MIT Kerberos V4 as well as V5 KDCs in the realm yoursite.com:

[libdefaults]
ticket_lifetime = 600
default_realm = yoursite.com
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
krb4_srvtab = /etc/srvtab
krb4_config = /krb4/lib/krb.conf
krb4_realms = /krb4/lib/krb.realms
[realms]
yoursite.com = {
kdc = KDCSERVER.yoursite.com:88
kdc = KDCSLAVE1.yoursite.com:88
kdc = KDCSLAVE2.yoursite.com:88
admin_server = KDCSERVER.yoursite.com:749
default_domain = yoursite.com
v4_instance_convert = {
bleep = yoursite.com
 }
 }
theirsite.com = {
kdc = KDCSERVER.theirsite.com
kdc = KDCSLAVE1.theirsite.com
admin_server = KDCSERVER.theirsite.com
}
[domain_realm]
.yoursite.com = yoursite.com
yoursite.com = yoursite.com
.theirsite.com = theirsite.com
theirsite.com = theirsite.com

For the KDCs, add a section onto the end of the krb5.conf file specifying the locations of the kdc.conf file, as in the following example:

[kdc]
profile = ROOTDIR/etc/kdc.conf
[logging]
admin_server = FILE:ROOTDIR/krb5/lib/krb5kdc/kadmind.log
kdc = FILE:ROOTDIR/krb5/lib/krb5kdc/kdc.log
default = CONSOLE

The kdc.conf File

Normally, you should install your kdc.conf file in the directory /krb5/lib/krb5kdc. However, note that you can override this default by a pointer in the KDC's krb5.conf file, or through the environment variable KRB5_KDC_PROFILE.

Here's an example of a kdc.conf file:

[kdcdefaults]
kdc_ports = 88,750
[realms]
yoursite.com = {
profile = /etc/krb5.conf
database_name = krb5/lib/krb5kdc/principal
admin_database_name = /krb5/lib/krb5kdc/principal.kadm5
admin_database_lockfile = /krb5/lib/krb5kdc/principal.kadm5.lock
admin_keytab = /krb5/lib/krb5kdc/kadm5.keytab
acl_file = /krb5/lib/krb5kdc/kadm5.acl
dict_file = /krb5/lib/krb5kdc/kadm5.dict
key_stash_file = /krb5/lib/krb5kdc/.k5.yoursite.com
kadmind_port = 749
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des-cbc-crc
supported_enctypes = des-cbc-crc:normal
}

To add MIT Kerberos V4 support, change the supported_enctypes line to:

supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4

CSP-Kerberos Error Messages

V5 Library Error Codes

This is the CSP-Kerberos v5 library error code list. Protocol error codes are as follows:

ERROR_TABLE_BASE_krb5 + the protocol error code number

Other error codes start at: ERROR_TABLE_BASE_krb5 + 128.

KRB5KDC_ERR_NONE 


No error

KRB5KDC_ERR_NAME_EXP 


Client's entry in database has expired

KRB5KDC_ERR_SERVICE_EXP 


Server's entry in database has expired

KRB5KDC_ERR_BAD_PVNO 


Requested protocol version not supported

KRB5KDC_ERR_C_OLD_MAST_KVNO 


Client's key is encrypted in an old master key

KRB5KDC_ERR_S_OLD_MAST_KVNO 


Server's key is encrypted in an old master key

KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN 


Client not found in CSP-Kerberos database

KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN 


Server not found in CSP-Kerberos database

KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE 


Principal has multiple entries in CSP-Kerberos database

KRB5KDC_ERR_NULL_KEY 


Client or server has a null key

KRB5KDC_ERR_CANNOT_POSTDATE 


Ticket is ineligible for postdating

KRB5KDC_ERR_NEVER_VALID 


Requested effective lifetime is negative or too short

KRB5KDC_ERR_POLICY 


KDC policy rejects request

KRB5KDC_ERR_BADOPTION 


KDC can't fulfill requested option

KRB5KDC_ERR_ETYPE_NOSUPP 


KDC has no support for encryption type

KRB5KDC_ERR_SUMTYPE_NOSUPP 


KDC has no support for checksum type

KRB5KDC_ERR_PADATA_TYPE_NOSUPP 


KDC has no support for padata type

KRB5KDC_ERR_TRTYPE_NOSUPP 


KDC has no support for transited type

KRB5KDC_ERR_CLIENT_REVOKED 


Clients credentials have been revoked

KRB5KDC_ERR_SERVICE_REVOKED 


Credentials for server have been revoked

KRB5KDC_ERR_TGT_REVOKED 


TGT has been revoked

KRB5KDC_ERR_CLIENT_NOTYET 


Client not yet valid - try again later

KRB5KDC_ERR_SERVICE_NOTYET 


Server not yet valid - try again later

KRB5KDC_ERR_KEY_EXP 


Password has expired

KRB5KDC_ERR_PREAUTH_FAILED 


Preauthentication failed

KRB5KDC_ERR_PREAUTH_REQUIRED 


Additional pre-authentication required

KRB5KDC_ERR_PREAUTH_REQUIRED 


Additional preauthentication required

KRB5KDC_ERR_SERVER_NOMATCH 


Requested server and ticket don't match

KRB5PLACEHOLD_27 


KRB5 error code 27

KRB5PLACEHOLD_28 


KRB5 error code 28

KRB5PLACEHOLD_29 


KRB5 error code 29

KRB5PLACEHOLD_30 


KRB5 error code 30

KRB5KRB_AP_ERR_BAD_INTEGRITY 


Decrypt integrity check failed

KRB5KRB_AP_ERR_TKT_EXPIRED 


Ticket expired

KRB5KRB_AP_ERR_TKT_NYV 


Ticket not yet valid

KRB5KRB_AP_ERR_REPEAT 


Request is a replay

KRB5KRB_AP_ERR_NOT_US 


The ticket isn't for us

KRB5KRB_AP_ERR_BADMATCH 


Ticket/authenticator don't match

KRB5KRB_AP_ERR_SKEW 


Clock skew too great

KRB5KRB_AP_ERR_BADADDR 


Incorrect net address

KRB5KRB_AP_ERR_BADVERSION 


Protocol version mismatch

KRB5KRB_AP_ERR_MSG_TYPE 


Invalid message type

KRB5KRB_AP_ERR_MODIFIED 


Message stream modified

KRB5KRB_AP_ERR_BADORDER 


Message out of order

KRB5KRB_AP_ERR_ILL_CR_TKT 


Illegal cross-realm ticket

KRB5KRB_AP_ERR_BADKEYVER 


Key version is not available

KRB5KRB_AP_ERR_NOKEY 


Service key not available

KRB5KRB_AP_ERR_MUT_FAIL 


Mutual authentication failed

KRB5KRB_AP_ERR_BADDIRECTION 


Incorrect message direction

KRB5KRB_AP_ERR_METHOD 


Alternative authentication method required

KRB5KRB_AP_ERR_BADSEQ 


Incorrect sequence number in message

KRB5KRB_AP_ERR_INAPP_CKSUM 


Inappropriate type of checksum in message

KRB5PLACEHOLD_51 


KRB5 error code 51

KRB5PLACEHOLD_52 


KRB5 error code 52

KRB5PLACEHOLD_53 


KRB5 error code 53

KRB5PLACEHOLD_54 


KRB5 error code 54

KRB5PLACEHOLD_55 


KRB5 error code 55

KRB5PLACEHOLD_56 


KRB5 error code 56

KRB5PLACEHOLD_57 


KRB5 error code 57

KRB5PLACEHOLD_58 


KRB5 error code 58

KRB5PLACEHOLD_59 


KRB5 error code 59

KRB5KRB_ERR_GENERIC 


Generic error

KRB5KRB_ERR_FIELD_TOOLONG 


Field is too long for this implementation

KRB5PLACEHOLD_62 


KRB5 error code 62

KRB5PLACEHOLD_63 


KRB5 error code 63

KRB5PLACEHOLD_64 


KRB5 error code 64

KRB5PLACEHOLD_65 


KRB5 error code 65

KRB5PLACEHOLD_66 


KRB5 error code 66

KRB5PLACEHOLD_67 


KRB5 error code 67

KRB5PLACEHOLD_68 


KRB5 error code 68

KRB5PLACEHOLD_69 


KRB5 error code 69

KRB5PLACEHOLD_70 


KRB5 error code 70

KRB5PLACEHOLD_71 


KRB5 error code 71

KRB5PLACEHOLD_72 


KRB5 error code 72

KRB5PLACEHOLD_73 


KRB5 error code 73

KRB5PLACEHOLD_74 


KRB5 error code 74

KRB5PLACEHOLD_75 


KRB5 error code 75

KRB5PLACEHOLD_76 


KRB5 error code 76

KRB5PLACEHOLD_77 


KRB5 error code 77

KRB5PLACEHOLD_78 


KRB5 error code 78

KRB5PLACEHOLD_79 


KRB5 error code 79

KRB5PLACEHOLD_80 


KRB5 error code 80

KRB5PLACEHOLD_81 


KRB5 error code 81

KRB5PLACEHOLD_82 


KRB5 error code 82

KRB5PLACEHOLD_83 


KRB5 error code 83

KRB5PLACEHOLD_84 


KRB5 error code 84

KRB5PLACEHOLD_85 


KRB5 error code 85

KRB5PLACEHOLD_86 


KRB5 error code 86

KRB5PLACEHOLD_87 


KRB5 error code 87

KRB5PLACEHOLD_88 


KRB5 error code 88

KRB5PLACEHOLD_89 


KRB5 error code 89

KRB5PLACEHOLD_90 


KRB5 error code 90

KRB5PLACEHOLD_91 


KRB5 error code 91

KRB5PLACEHOLD_92 


KRB5 error code 92

KRB5PLACEHOLD_93 


KRB5 error code 93

KRB5PLACEHOLD_94 


KRB5 error code 94

KRB5PLACEHOLD_95 


KRB5 error code 95

KRB5PLACEHOLD_96 


KRB5 error code 96

KRB5PLACEHOLD_97 


KRB5 error code 97

KRB5PLACEHOLD_98 


KRB5 error code 98

KRB5PLACEHOLD_99 


KRB5 error code 99

KRB5PLACEHOLD_100 


KRB5 error code 100

KRB5PLACEHOLD_101 


KRB5 error code 101

KRB5PLACEHOLD_102 


KRB5 error code 102

KRB5PLACEHOLD_103 


KRB5 error code 103

KRB5PLACEHOLD_104 


KRB5 error code 104

KRB5PLACEHOLD_105 


KRB5 error code 105

KRB5PLACEHOLD_106 


KRB5 error code 106

KRB5PLACEHOLD_107 


KRB5 error code 107

KRB5PLACEHOLD_108 


KRB5 error code 108

KRB5PLACEHOLD_109 


KRB5 error code 109

KRB5PLACEHOLD_110 


KRB5 error code 110

KRB5PLACEHOLD_111 


KRB5 error code 111

KRB5PLACEHOLD_112 


KRB5 error code 112

KRB5PLACEHOLD_113 


KRB5 error code 113

KRB5PLACEHOLD_114 


KRB5 error code 114

KRB5PLACEHOLD_115 


KRB5 error code 115

KRB5PLACEHOLD_116 


KRB5 error code 116

KRB5PLACEHOLD_117 


KRB5 error code 117

KRB5PLACEHOLD_118 


KRB5 error code 118

KRB5PLACEHOLD_119 


KRB5 error code 119

KRB5PLACEHOLD_120 


KRB5 error code 120

KRB5PLACEHOLD_121 


KRB5 error code 121

KRB5PLACEHOLD_122 


KRB5 error code 122

KRB5PLACEHOLD_123 


KRB5 error code 123

KRB5PLACEHOLD_124 


KRB5 error code 124

KRB5PLACEHOLD_125 


KRB5 error code 125

KRB5PLACEHOLD_126 


KRB5 error code 126

KRB5_ERR_RCSID 


$Id: admin.texinfo,v 1.7 1996/09/09 18:29:25 jcb Exp $

KRB5_LIBOS_BADLOCKFLAG 


Invalid flag for file lock mode

KRB5_LIBOS_CANTREADPWD 


Cannot read password

KRB5_LIBOS_BADPWDMATCH 


Password mismatch

KRB5_LIBOS_PWDINTR 


Password read interrupted

KRB5_PARSE_ILLCHAR 


Illegal character in component name

KRB5_PARSE_MALFORMED 


Malformed representation of principal

KRB5_CONFIG_CANTOPEN 


Can't open/find configuration file

KRB5_CONFIG_BADFORMAT 


Improper format of configuration file

KRB5_CONFIG_NOTENUFSPACE 


Insufficient space to return complete information

KRB5_BADMSGTYPE 


Invalid message type specified for encoding

KRB5_CC_BADNAME 


Credential cache name malformed

KRB5_CC_UNKNOWN_TYPE 


Unknown credential cache type

KRB5_CC_NOTFOUND 


Matching credential not found

KRB5_CC_END 


End of credential cache reached

KRB5_NO_TKT_SUPPLIED 


Request did not supply a ticket

KRB5KRB_AP_WRONG_PRINC 


Wrong principal in request

KRB5KRB_AP_ERR_TKT_INVALID 


Ticket has invalid flag set

KRB5_PRINC_NOMATCH 


Requested principal and ticket don't match

KRB5_KDCREP_MODIFIED 


KDC reply did not match expectations

KRB5_KDCREP_SKEW 


Clock skew too great in KDC reply

KRB5_IN_TKT_REALM_MISMATCH 


Client/server realm mismatch in initial ticket request

KRB5_PROG_ETYPE_NOSUPP 


Program lacks support for encryption type

KRB5_PROG_KEYTYPE_NOSUPP 


Program lacks support for key type

KRB5_WRONG_ETYPE 


Requested encryption type not used in message

KRB5_PROG_SUMTYPE_NOSUPP 


Program lacks support for checksum type

KRB5_REALM_UNKNOWN 


Cannot find KDC for requested realm

KRB5_SERVICE_UNKNOWN 


CSP-Kerberos service unknown

KRB5_KDC_UNREACH 


Cannot contact any KDC for requested realm

KRB5_NO_LOCALNAME 


No local name found for principal name

KRB5_MUTUAL_FAILED 


Mutual authentication failed

KRB5_RC_TYPE_EXISTS 


Replay cache type is already registered

KRB5_RC_MALLOC 


No more memory to allocate (in replay cache code)

KRB5_RC_TYPE_NOTFOUND 


Replay cache type is unknown

KRB5_RC_UNKNOWN 


Generic unknown RC error

KRB5_RC_REPLAY 


Message is a replay

KRB5_RC_IO 


Replay I/O operation failed

KRB5_RC_NOIO 


Replay cache type does not support non-volatile storage

KRB5_RC_PARSE 


Replay cache name parse/format error

KRB5_RC_IO_EOF 


End-of-file on replay cache I/O

KRB5_RC_IO_MALLOC 


No more memory to allocate (in replay cache I/O code)

KRB5_RC_IO_PERM 


Permission denied in replay cache code

KRB5_RC_IO_IO 


I/O error in replay cache i/o code

KRB5_RC_IO_UNKNOWN 


Generic unknown RC/IO error

KRB5_RC_IO_SPACE 


Insufficient system space to store replay information

KRB5_TRANS_CANTOPEN 


Can't open/find realm translation file

KRB5_TRANS_BADFORMAT 


Improper format of realm translation file

KRB5_LNAME_CANTOPEN 


Can't open/find lname translation database

KRB5_LNAME_NOTRANS 


No translation available for requested principal

KRB5_LNAME_BADFORMAT 


Improper format of translation database entry

KRB5_CRYPTO_INTERNAL 


Cryptosystem internal error

KRB5_KT_BADNAME 


Key table name malformed

KRB5_KT_UNKNOWN_TYPE 


Unknown Key table type

KRB5_KT_NOTFOUND 


Key table entry not found

KRB5_KT_END 


End of key table reached

KRB5_KT_NOWRITE 


Cannot write to specified key table

KRB5_KT_IOERR 


Error writing to key table

KRB5_NO_TKT_IN_RLM 


Cannot find ticket for requested realm

KRB5DES_BAD_KEYPAR 


DES key has bad parity

KRB5DES_WEAK_KEY 


DES key is a weak key

KRB5_BAD_ENCTYPE 


Bad encryption type

KRB5_BAD_KEYSIZE 


Key size is incompatible with encryption type

KRB5_BAD_MSIZE 


Message size is incompatible with encryption type

KRB5_CC_TYPE_EXISTS 


Credentials cache type is already registered.

KRB5_KT_TYPE_EXISTS 


Key table type is already registered.

KRB5_CC_IO 


Credentials cache I/O operation failed XXX

KRB5_FCC_PERM 


Credentials cache file permissions incorrect

KRB5_FCC_NOFILE 


No credentials cache file found

KRB5_FCC_INTERNAL 


Internal file credentials cache error

KRB5_CC_WRITE 


Error writing to credentials cache file

KRB5_CC_NOMEM 


No more memory to allocate (in credentials cache code)

KRB5_CC_FORMAT 


Bad format in credentials cache

KRB5_INVALID_FLAGS 


Invalid KDC option combination (library internal error) [for dual tgt library calls]

KRB5_NO_2ND_TKT 


Request missing second ticket [for dual tgt library calls]

KRB5_NOCREDS_SUPPLIED 


No credentials supplied to library routine

KRB5_SENDAUTH_BADAUTHVERS 


Bad sendauth version was sent

KRB5_SENDAUTH_BADAPPLVERS 


Bad application version was sent (via sendauth)

KRB5_SENDAUTH_BADRESPONSE 


Bad response (during sendauth exchange)

KRB5_SENDAUTH_REJECTED 


Server rejected authentication (during sendauth exchange)

KRB5_PREAUTH_BAD_TYPE 


Unsupported preauthentication type

KRB5_PREAUTH_NO_KEY 


Required preauthentication key not supplied

KRB5_PREAUTH_FAILED 


Generic preauthentication failure

KRB5_RCACHE_BADVNO 


Unsupported replay cache format version number

KRB5_CCACHE_BADVNO 


Unsupported credentials cache format version number

KRB5_KEYTAB_BADVNO 


Unsupported key table format version number

KRB5_PROG_ATYPE_NOSUPP 


Program lacks support for address type

KRB5_RC_REQUIRED 


Message replay detection requires rcache parameter

KRB5_ERR_BAD_HOSTNAME 


Hostname cannot be canonicalized

KRB5_ERR_HOST_REALM_UNKNOWN 


Cannot determine realm for host

KRB5_SNAME_UNSUPP_NAMETYPE 


Conversion to service principal undefined for name type

KRB5KRB_AP_ERR_V4_REPLY 


Initial Ticket response appears to be Version 4 error

KRB5_REALM_CANT_RESOLVE 


Cannot resolve KDC for requested realm

KRB5_TKT_NOT_FORWARDABLE 


Requesting ticket can't get forwardable tickets

KRB5_FWD_BAD_PRINCIPAL 


Bad principal name while trying to forward credentials

KRB5_GET_IN_TKT_LOOP 


Looping detected inside krb5_get_in_tkt

KRB5_CONFIG_NODEFREALM 


Configuration file does not specify default realm

KRB5_SAM_UNSUPPORTED 


Bad SAM flags in obtain_sam_padata

CSP-Kerberos V5 Database Library Error Codes

This is the CSP-Kerberos v5 database library error code table.

KRB5_KDB_RCSID 


$Id: admin.texinfo,v 1.7 1996/09/09 18:29:25 jcb Exp $

KRB5_KDB_INUSE 


Entry already exists in database

KRB5_KDB_UK_SERROR 


Database store error

KRB5_KDB_UK_RERROR 


Database read error

KRB5_KDB_UNAUTH 


Insufficient access to perform requested operation

KRB5_KDB_NOENTRY 


No such entry in the database

KRB5_KDB_ILL_WILDCARD 


Illegal use of wildcard

KRB5_KDB_DB_INUSE 


Database is locked or in use--try again later

KRB5_KDB_DB_CHANGED 


Database was modified during read

KRB5_KDB_TRUNCATED_RECORD 


Database record is incomplete or corrupted

KRB5_KDB_RECURSIVELOCK 


Attempt to lock database twice

KRB5_KDB_NOTLOCKED 


Attempt to unlock database when not locked

KRB5_KDB_BADLOCKMODE 


Invalid kdb lock mode

KRB5_KDB_DBNOTINITED 


Database has not been initialized

KRB5_KDB_DBINITED 


Database has already been initialized

KRB5_KDB_ILLDIRECTION 


Bad direction for converting keys

KRB5_KDB_NOMASTERKEY 


Cannot find master key record in database

KRB5_KDB_BADMASTERKEY 


Master key does not match database

KRB5_KDB_INVALIDKEYSIZE 


Key size in database is invalid

KRB5_KDB_CANTREAD_STORED 


Cannot find/read stored master key

KRB5_KDB_BADSTORED_MKEY 


Stored master key is corrupted

KRB5_KDB_CANTLOCK_DB 


Insufficient access to lock database

KRB5_KDB_DB_CORRUPT 


Database format error

KRB5_KDB_BAD_VERSION 


Unsupported version in database entry

KRB5_KDB_BAD_SALTTYPE 


Unsupported salt type

KRB5_KDB_BAD_ENCTYPE 


Unsupported encryption type

CSP-Kerberos V5 Magic Numbers Error Codes

This is the CSP-Kerberos v5 magic numbers error code table.

KV5M_NONE 


CSP-Kerberos V5 magic number table

KV5M_PRINCIPAL 


Bad magic number for krb5_principal structure

KV5M_DATA 

Bad magic number for krb5_data structure

KV5M_KEYBLOCK 


Bad magic number for krb5_keyblock structure

KV5M_CHECKSUM 


Bad magic number for krb5_checksum structure

KV5M_ENCRYPT_BLOCK 


Bad magic number for krb5_encrypt_block structure

KV5M_ENC_DATA 


Bad magic number for krb5_enc_data structure

KV5M_CRYPTOSYSTEM_ENTRY 


Bad magic number for krb5_cryptosystem_entry structure

KV5M_CRYPTOSYSTEM_ENTRY 


Bad magic number for krb5_cryptosystem_entry structure

KV5M_CS_TABLE_ENTRY 


Bad magic number for krb5_cs_table_entry structure

KV5M_CHECKSUM_ENTRY 


Bad magic number for krb5_checksum_entry structure

KV5M_CHECKSUM_ENTRY 


Bad magic number for krb5_checksum_entry structure

KV5M_AUTHDATA 


Bad magic number for krb5_authdata structure

KV5M_TRANSITED 


Bad magic number for krb5_transited structure

KV5M_ENC_TKT_PART 


Bad magic number for krb5_enc_tkt_part structure

KV5M_TICKET 


Bad magic number for krb5_ticket structure

KV5M_AUTHENTICATOR 


Bad magic number for krb5_authenticator structure

KV5M_TKT_AUTHENT 


Bad magic number for krb5_tkt_authent structure

KV5M_CREDS 


Bad magic number for krb5_creds structure

KV5M_LAST_REQ_ENTRY 


Bad magic number for krb5_last_req_entry structure

KV5M_PA_DATA 


Bad magic number for krb5_pa_data structure

KV5M_KDC_REQ 


Bad magic number for krb5_kdc_req structure

KV5M_ENC_KDC_REP_PART 


Bad magic number for krb5_enc_kdc_rep_part structure

KV5M_KDC_REP 


Bad magic number for krb5_kdc_rep structure

KV5M_ERROR 


Bad magic number for krb5_error structure

KV5M_AP_REQ 


Bad magic number for krb5_ap_req structure

KV5M_AP_REP 


Bad magic number for krb5_ap_rep structure

KV5M_AP_REP_ENC_PART 


Bad magic number for krb5_ap_rep_enc_part structure

KV5M_RESPONSE 


Bad magic number for krb5_response structure

KV5M_SAFE 

Bad magic number for krb5_safe structure

KV5M_PRIV 

Bad magic number for krb5_priv structure

KV5M_PRIV_ENC_PART 


Bad magic number for krb5_priv_enc_part structure

KV5M_CRED 


Bad magic number for krb5_cred structure

KV5M_CRED_INFO 


Bad magic number for krb5_cred_info structure

KV5M_CRED_ENC_PART 


Bad magic number for krb5_cred_enc_part structure

KV5M_PWD_DATA 


Bad magic number for krb5_pwd_data structure

KV5M_ADDRESS 


Bad magic number for krb5_address structure

KV5M_KEYTAB_ENTRY 


Bad magic number for krb5_keytab_entry structure

KV5M_CONTEXT 


Bad magic number for krb5_context structure

KV5M_OS_CONTEXT 


Bad magic number for krb5_os_context structure

KV5M_ALT_METHOD 


Bad magic number for krb5_alt_method structure

KV5M_ETYPE_INFO_ENTRY 


Bad magic number for krb5_etype_info_entry structure

KV5M_DB_CONTEXT 


Bad magic number for krb5_db_context structure

KV5M_AUTH_CONTEXT 


Bad magic number for krb5_auth_context structure

KV5M_KEYTAB 


Bad magic number for krb5_keytab structure

KV5M_RCACHE 


Bad magic number for krb5_rcache structure

KV5M_CCACHE 


Bad magic number for krb5_ccache structure

KV5M_PREAUTH_OPS 


Bad magic number for krb5_preauth_ops

KV5M_SAM_CHALLENGE 


Bad magic number for krb5_sam_challenge

KV5M_SAM_KEY 


Bad magic number for krb5_sam_key

KV5M_ENC_SAM_RESPONSE_ENC 


Bad magic number for krb5_enc_sam_response_enc

KV5M_SAM_RESPONSE 


Bad magic number for krb5_sam_response

KV5M_PREDICTED_SAM_RESPONSE 


Bad magic number for krb5_predicted_sam_response

KV5M_PASSWD_PHRASE_ELEMENT 


Bad magic number for passwd_phrase_element

ASN.1 Error Codes

ASN1_BAD_TIMEFORMAT 


ASN.1 failed call to system time library

ASN1_MISSING_FIELD 


ASN.1 structure is missing a required field

ASN1_MISPLACED_FIELD 


ASN.1 unexpected field number

ASN1_TYPE_MISMATCH 


ASN.1 type numbers are inconsistent

ASN1_OVERFLOW 


ASN.1 value too large

ASN1_OVERRUN 


ASN.1 encoding ended unexpectedly

ASN1_BAD_ID 


ASN.1 identifier doesn't match expected value

ASN1_BAD_LENGTH 


ASN.1 length doesn't match expected value

ASN1_BAD_FORMAT 


ASN.1 badly-formatted encoding

ASN1_PARSE_ERROR 


ASN.1 parse error

GSSAPI Error Codes

G_BAD_SERVICE_NAME 


No @ in SERVICE-NAME name string

G_BAD_STRING_UID 


STRING-UID-NAME contains nondigits

G_NOUSER 

UID does not resolve to username

G_VALIDATE_FAILED 


Validation error

G_BUFFER_ALLOC 


Couldn't allocate gss_buffer_t data

G_BAD_MSG_CTX 


Message context invalid

G_WRONG_SIZE 


Buffer is the wrong size

G_BAD_USAGE 


Credential usage type is unknown

G_UNKNOWN_QOP 


Unknown quality of protection specified

G_BAD_HOSTNAME 


Hostname in SERVICE-NAME string could not be canonicalized

KG_CCACHE_NOMATCH 


Principal in credential cache does not match desired name

KG_KEYTAB_NOMATCH 


No principal in keytab matches desired name

KG_TGT_MISSING 


Credential cache has no TGT

KG_NO_SUBKEY 


Authenticator has no subkey

KG_CONTEXT_ESTABLISHED 


Context is already fully established

KG_BAD_SIGN_TYPE 


Unknown signature type in token

KG_BAD_LENGTH 


Invalid field length in token

KG_CTX_INCOMPLETE 


Attempt to use incomplete security context

KG_CONTEXT 


Bad magic number for krb5_gss_ctx_id_t

KG_CRED 

Bad magic number for krb5_gss_cred_id_t

KG_ENC_DESC 


Bad magic number for krb5_gss_enc_desc

kadmin Time Zones

This is a complete listing of the time zones recognized by the kadmin command:

gmt 

Greenwich Mean Time

ut, utc 

Universal Time (Coordinated).

wet 

Western European Time. (Same as GMT.)

bst 

British Summer Time. (1 hour ahead of GMT.)

wat 

West Africa Time. (1 hour behind GMT.)

at 

Azores Time. (2 hours behind GMT.)

bst 

Brazil Standard Time. (3 hours behind GMT.) Note that the acronym BST also stands for British Summer Time.

gst 

Greenland Standard Time. (3 hours behind GMT.) Note that the acronym GST also stands for Guam Standard Time.

nft 

Newfoundland Time. (3.5 hours behind GMT.)

nst 

Newfoundland Standard Time. (3.5 hours behind GMT.)

ndt 

Newfoundland Daylight Time. (2.5 hours behind GMT.)

ast 

Atlantic Standard Time. (4 hours behind GMT.)

adt 

Atlantic Daylight Time. (3 hours behind GMT.)

est 

Eastern Standard Time. (5 hours behind GMT.)

edt 

Eastern Daylight Time. (4 hours behind GMT.)

cst 

Central Standard Time. (6 hours behind GMT.)

cdt 

Central Daylight Time. (5 hours behind GMT.)

mst 

Mountain Standard Time. (7 hours behind GMT.)

mdt 

Mountain Daylight Time. (6 hours behind GMT.)

pst 

Pacific Standard Time. (8 hours behind GMT.)

pdt 

Pacific Daylight Time. (7 hours behind GMT.)

yst 

Yukon Standard Time. (9 hours behind GMT.)

ydt 

Yukon Daylight Time. (8 hours behind GMT.)

hst 

Hawaii Standard Time. (10 hours behind GMT.)

hdt 

Hawaii Daylight Time. (9 hours behind GMT.)

cat 

Central Alaska Time. (10 hours behind GMT.)

ahst 

Alaska-Hawaii Standard Time. (10 hours behind GMT.)

nt 

Nome Time. (11 hours behind GMT.)

idlw 

International Date Line West Time. (12 hours behind GMT.)

cet 

Central European Time. (1 hour ahead of GMT.)

met 

Middle European Time. (1 hour ahead of GMT.)

mewt 

Middle European Winter Time. (1 hour ahead of GMT.)

mest 

Middle European Summer Time. (2 hours ahead of GMT.)

swt 

Swedish Winter Time. (1 hour ahead of GMT.)

sst 

Swedish Summer Time. (1 hours ahead of GMT.)

fwt 

French Winter Time. (1 hour ahead of GMT.)

fst 

French Summer Time. (2 hours ahead of GMT.)

eet 

Eastern Europe Time; Russia Zone 1. (2 hours ahead of GMT.)

bt 

Baghdad Time; Russia Zone 2. (3 hours ahead of GMT.)

it 

Iran Time. (3.5 hours ahead of GMT.)

zp4 

Russia Zone 3. (4 hours ahead of GMT.)

zp5 

Russia Zone 4. (5 hours ahead of GMT.)

ist 

Indian Standard Time. (5.5 hours ahead of GMT.)

zp6 

Russia Zone 5. (6 hours ahead of GMT.)

nst 

North Sumatra Time. (6.5 hours ahead of GMT.) Note that the acronym NST is also used for Newfoundland Standard Time.

sst 

South Sumatra Time; Russia Zone 6. (7 hours ahead of GMT.) Note that SST is also Swedish Summer Time.

wast 

West Australian Standard Time. (7 hours ahead of GMT.)

wadt 

West Australian Daylight Time. (8 hours ahead of GMT.)

jt 

Java Time. (7.5 hours ahead of GMT.)

cct 

China Coast Time; Russia Zone 7. (8 hours ahead of GMT.)

jst 

Japan Standard time; Russia Zone 8. (9 hours ahead of GMT.)

kst 

Korean Standard Time. (9 hours ahead of GMT.)

cast 

Central Australian Standard Time. (9.5 hours ahead of GMT.)

cadt 

Central Australian Daylight Time. (10.5 hours ahead of GMT.)

east 

Eastern Australian Standard Time. (10 hours ahead of GMT.)

eadt 

Eastern Australian Daylight Time. (11 hours ahead of GMT.)

gst 

Guam Standard Time; Russia Zone 9. (10 hours ahead of GMT.)

kdt 

Korean Daylight Time. (10 hours ahead of GMT.)

nzt 

New Zealand Time. (12 hours ahead of GMT.)

nzst 

New Zealand Standard Time. (12 hours ahead of GMT.)

nzdt 

New Zealand Daylight Time. (13 hours ahead of GMT.)

idle 

International Date Line East. (12 hours ahead of GMT.)

Prev Table of Contents Next
Chapter 8. System Data Files  Index