JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Developer's Guide to Oracle Solaris 11 Security     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

1.  Oracle Solaris Security for Developers (Overview)

2.  Developing Privileged Applications

3.  Writing PAM Applications and Services

4.  Writing Applications That Use GSS-API

5.  GSS-API Client Example

6.  GSS-API Server Example

7.  Writing Applications That Use SASL

8.  Introduction to the Oracle Solaris Cryptographic Framework

9.  Writing User-Level Cryptographic Applications

10.  Introduction to the Oracle Solaris Key Management Framework

A.  Secure Coding Guidelines for Developers

B.  Sample C-Based GSS-API Programs

C.  GSS-API Reference

GSS-API Functions

Functions From Previous Versions of GSS-API

Functions for Manipulating OIDs

Renamed Functions

GSS-API Status Codes

GSS-API Major Status Code Values

Displaying Status Codes

Status Code Macros

GSS-API Data Types and Values

Basic GSS-API Data Types

OM_uint32

gss_buffer_desc

gss_OID_desc

gss_OID_set_desc

gss_channel_bindings_struct

Name Types

Address Types for Channel Bindings

Implementation-Specific Features in GSS-API

Oracle Solaris-Specific Functions

Human-Readable Name Syntax

Format of Anonymous Names

Implementations of Selected Data Types

Deletion of Contexts and Stored Data

Protection of Channel-Binding Information

Context Exportation and Interprocess Tokens

Types of Credentials Supported

Credential Expiration

Context Expiration

Wrap Size Limits and QOP Values

Use of minor_status Parameter

Kerberos v5 Status Codes

Messages Returned in Kerberos v5 for Status Code 1

Messages Returned in Kerberos v5 for Status Code 2

Messages Returned in Kerberos v5 for Status Code 3

Messages Returned in Kerberos v5 for Status Code 4

Messages Returned in Kerberos v5 for Status Code 5

Messages Returned in Kerberos v5 for Status Code 6

Messages Returned in Kerberos v5 for Status Code 7

D.  Specifying an OID

E.  Source Code for SASL Example

F.  SASL Reference Tables

Glossary

Index

Kerberos v5 Status Codes

Each GSS-API function returns two status codes: a major status code and a minor status code. Major status codes relate to the behavior of GSS-API. For example, if an application attempts to transmit a message after a security context has expired, GSS-API returns a major status code of GSS_S_CONTEXT_EXPIRED. Major status codes are listed in GSS-API Status Codes.

Minor status codes are returned by the underlying security mechanisms supported by a given implementation of GSS-API. Every GSS-API function takes as the first argument a minor_status or minor_stat parameter. An application can examine this parameter when the function returns, successfully or not, to see the status that is returned by the underlying mechanism.

The following tables list the status messages that can be returned by Kerberos v5 in the minor_status argument. For more on GSS-API status codes, see GSS-API Status Codes.

Messages Returned in Kerberos v5 for Status Code 1

The following table lists the minor status messages that are returned in Kerberos v5 for status code 1.

Table C-5 Kerberos v5 Status Codes 1

Minor Status
Value
Meaning
KRB5KDC_ERR_NONE
-1765328384L
No error
KRB5KDC_ERR_NAME_EXP
-1765328383L
Client's entry in database has expired
KRB5KDC_ERR_SERVICE_EXP
-1765328382L
Server's entry in database has expired
KRB5KDC_ERR_BAD_PVNO
-1765328381L
Requested protocol version not supported
KRB5KDC_ERR_C_OLD_MAST_KVNO
-1765328380L
Client's key is encrypted in an old master key
KRB5KDC_ERR_S_OLD_MAST_KVNO
-1765328379L
Server's key is encrypted in an old master key
KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN
-1765328378L
Client not found in Kerberos database
KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
-1765328377L
Server not found in Kerberos database
KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE
-1765328376L
Principal has multiple entries in Kerberos database
KRB5KDC_ERR_NULL_KEY
-1765328375L
Client or server has a null key
KRB5KDC_ERR_CANNOT_POSTDATE
-1765328374L
Ticket is ineligible for postdating
KRB5KDC_ERR_NEVER_VALID
-1765328373L
Requested effective lifetime is negative or too short
KRB5KDC_ERR_POLICY
-1765328372L
KDC policy rejects request
KRB5KDC_ERR_BADOPTION
-1765328371L
KDC can't fulfill requested option
KRB5KDC_ERR_ETYPE_NOSUPP
-1765328370L
KDC has no support for encryption type
KRB5KDC_ERR_SUMTYPE_NOSUPP
-1765328369L
KDC has no support for checksum type
KRB5KDC_ERR_PADATA_TYPE_NOSUPP
-1765328368L
KDC has no support for padata type
KRB5KDC_ERR_TRTYPE_NOSUPP
-1765328367L
KDC has no support for transited type
KRB5KDC_ERR_CLIENT_REVOKED
-1765328366L
Client's credentials have been revoked
KRB5KDC_ERR_SERVICE_REVOKED
-1765328365L
Credentials for server have been revoked

Messages Returned in Kerberos v5 for Status Code 2

The following table lists the minor status messages that are returned in Kerberos v5 for status code 2.

Table C-6 Kerberos v5 Status Codes 2

Minor Status
Value
Meaning
KRB5KDC_ERR_TGT_REVOKED
-1765328364L
TGT has been revoked
KRB5KDC_ERR_CLIENT_NOTYET
-1765328363L
Client not yet valid, try again later
KRB5KDC_ERR_SERVICE_NOTYET
-1765328362L
Server not yet valid, try again later
KRB5KDC_ERR_KEY_EXP
-1765328361L
Password has expired
KRB5KDC_ERR_PREAUTH_FAILED
-1765328360L
Preauthentication failed
KRB5KDC_ERR_PREAUTH_REQUIRED
-1765328359L
Additional preauthentication required
KRB5KDC_ERR_SERVER_NOMATCH
-1765328358L
Requested server and ticket don't match
KRB5PLACEHOLD_27 through KRB5PLACEHOLD_30
-1765328357L through -1765328354L
KRB5 error codes 27 through 30 (reserved)
KRB5KRB_AP_ERR_BAD_INTEGRITY
-1765328353L
Decrypt integrity check failed
KRB5KRB_AP_ERR_TKT_EXPIRED
-1765328352L
Ticket expired
KRB5KRB_AP_ERR_TKT_NYV
-1765328351L
Ticket not yet valid
KRB5KRB_AP_ERR_REPEAT
-1765328350L
Request is a replay
KRB5KRB_AP_ERR_NOT_US
-1765328349L
The ticket isn't for us
KRB5KRB_AP_ERR_BADMATCH
-1765328348L
Ticket/authenticator do not match
KRB5KRB_AP_ERR_SKEW
-1765328347L
Clock skew too great
KRB5KRB_AP_ERR_BADADDR
-1765328346L
Incorrect net address
KRB5KRB_AP_ERR_BADVERSION
-1765328345L
Protocol version mismatch
KRB5KRB_AP_ERR_MSG_TYPE
-1765328344L
Invalid message type
KRB5KRB_AP_ERR_MODIFIED
-1765328343L
Message stream modified
KRB5KRB_AP_ERR_BADORDER
-1765328342L
Message out of order
KRB5KRB_AP_ERR_ILL_CR_TKT
-1765328341L
Illegal cross-realm ticket
KRB5KRB_AP_ERR_BADKEYVER
-1765328340L
Key version is not available

Messages Returned in Kerberos v5 for Status Code 3

The following table lists the minor status messages that are returned in Kerberos v5 for status code 3.

Table C-7 Kerberos v5 Status Codes 3

Minor Status
Value
Meaning
KRB5KRB_AP_ERR_NOKEY
-1765328339L
Service key not available
KRB5KRB_AP_ERR_MUT_FAIL
-1765328338L
Mutual authentication failed
KRB5KRB_AP_ERR_BADDIRECTION
-1765328337L
Incorrect message direction
KRB5KRB_AP_ERR_METHOD
-1765328336L
Alternative authentication method required
KRB5KRB_AP_ERR_BADSEQ
-1765328335L
Incorrect sequence number in message
KRB5KRB_AP_ERR_INAPP_CKSUM
-1765328334L
Inappropriate type of checksum in message
KRB5PLACEHOLD_51 throughKRB5PLACEHOLD_59
-1765328333L through -1765328325L
KRB5 error codes 51 through 59 (reserved)
KRB5KRB_ERR_GENERIC
-1765328324L
Generic error
KRB5KRB_ERR_FIELD_TOOLONG
-1765328323L
Field is too long for this implementation
KRB5PLACEHOLD_62 through KRB5PLACEHOLD_127
-1765328322L through -1765328257L
KRB5 error codes 62 through 127 (reserved)
value not returned
-1765328256L
For internal use only
KRB5_LIBOS_BADLOCKFLAG
-1765328255L
Invalid flag for file lock mode
KRB5_LIBOS_CANTREADPWD
-1765328254L
Cannot read password
KRB5_LIBOS_BADPWDMATCH
-1765328253L
Password mismatch
KRB5_LIBOS_PWDINTR
-1765328252L
Password read interrupted
KRB5_PARSE_ILLCHAR
-1765328251L
Illegal character in component name
KRB5_PARSE_MALFORMED
-1765328250L
Malformed representation of principal
KRB5_CONFIG_CANTOPEN
-1765328249L
Can't open/find Kerberos /etc/krb5/krb5 configuration file
KRB5_CONFIG_BADFORMAT
-1765328248L
Improper format of Kerberos /etc/krb5/krb5 configuration file
KRB5_CONFIG_NOTENUFSPACE
-1765328247L
Insufficient space to return complete information
KRB5_BADMSGTYPE
-1765328246L
Invalid message type has been specified for encoding
KRB5_CC_BADNAME
-1765328245L
Credential cache name malformed

Messages Returned in Kerberos v5 for Status Code 4

The following table lists the minor status messages that are returned in Kerberos v5 for status code 4.

Table C-8 Kerberos v5 Status Codes 4

Minor Status
Value
Meaning
KRB5_CC_UNKNOWN_TYPE
-1765328244L
Unknown credential cache type
KRB5_CC_NOTFOUND
-1765328243L
No matching credential has been found
KRB5_CC_END
-1765328242L
End of credential cache reached
KRB5_NO_TKT_SUPPLIED
-1765328241L
Request did not supply a ticket
KRB5KRB_AP_WRONG_PRINC
-1765328240L
Wrong principal in request
KRB5KRB_AP_ERR_TKT_INVALID
-1765328239L
Ticket has invalid flag set
KRB5_PRINC_NOMATCH
-1765328238L
Requested principal and ticket don't match
KRB5_KDCREP_MODIFIED
-1765328237L
KDC reply did not match expectations
KRB5_KDCREP_SKEW
-1765328236L
Clock skew too great in KDC reply
KRB5_IN_TKT_REALM_MISMATCH
-1765328235L
Client/server realm mismatch in initial ticket request
KRB5_PROG_ETYPE_NOSUPP
-1765328234L
Program lacks support for encryption type
KRB5_PROG_KEYTYPE_NOSUPP
-1765328233L
Program lacks support for key type
KRB5_WRONG_ETYPE
-1765328232L
Requested encryption type not used in message
KRB5_PROG_SUMTYPE_NOSUPP
-1765328231L
Program lacks support for checksum type
KRB5_REALM_UNKNOWN
-1765328230L
Cannot find KDC for requested realm
KRB5_SERVICE_UNKNOWN
-1765328229L
Kerberos service unknown
KRB5_KDC_UNREACH
-1765328228L
Cannot contact any KDC for requested realm
KRB5_NO_LOCALNAME
-1765328227L
No local name found for principal name
KRB5_MUTUAL_FAILED
-1765328226L
Mutual authentication failed
KRB5_RC_TYPE_EXISTS
-1765328225L
Replay cache type is already registered
KRB5_RC_MALLOC
-1765328224L
No more memory to allocate in replay cache code
KRB5_RC_TYPE_NOTFOUND
-1765328223L
Replay cache type is unknown

Messages Returned in Kerberos v5 for Status Code 5

The following table lists the minor status messages that are returned in Kerberos v5 for status code 5

Table C-9 Kerberos v5 Status Codes 5

Minor Status
Value
Meaning
KRB5_RC_UNKNOWN
-1765328222L
Generic unknown RC error
KRB5_RC_REPLAY
-1765328221L
Message is a replay
KRB5_RC_IO
-1765328220L
Replay I/O operation failed
KRB5_RC_NOIO
-1765328219L
Replay cache type does not support non-volatile storage
KRB5_RC_PARSE
-1765328218L
Replay cache name parse and format error
KRB5_RC_IO_EOF
-1765328217L
End-of-file on replay cache I/O
KRB5_RC_IO_MALLOC
-1765328216L
No more memory to allocate in replay cache I/O code
KRB5_RC_IO_PERM
-1765328215L
Permission denied in replay cache code
KRB5_RC_IO_IO
-1765328214L
I/O error in replay cache i/o code
KRB5_RC_IO_UNKNOWN
-1765328213L
Generic unknown RC/IO error
KRB5_RC_IO_SPACE
-1765328212L
Insufficient system space to store replay information
KRB5_TRANS_CANTOPEN
-1765328211L
Can't open/find realm translation file
KRB5_TRANS_BADFORMAT
-1765328210L
Improper format of realm translation file
KRB5_LNAME_CANTOPEN
-1765328209L
Can't open or find lname translation database
KRB5_LNAME_NOTRANS
-1765328208L
No translation is available for requested principal
KRB5_LNAME_BADFORMAT
-1765328207L
Improper format of translation database entry
KRB5_CRYPTO_INTERNAL
-1765328206L
Cryptosystem internal error
KRB5_KT_BADNAME
-1765328205L
Key table name malformed
KRB5_KT_UNKNOWN_TYPE
-1765328204L
Unknown Key table type
KRB5_KT_NOTFOUND
-1765328203L
Key table entry not found
KRB5_KT_END
-1765328202L
End of key table reached
KRB5_KT_NOWRITE
-1765328201L
Cannot write to specified key table

Messages Returned in Kerberos v5 for Status Code 6

The following table lists the minor status messages that are returned in Kerberos v5 for status code 6.

Table C-10 Kerberos v5 Status Codes 6

Minor Status
Value
Meaning
KRB5_KT_IOERR
-1765328200L
Error writing to key table
KRB5_NO_TKT_IN_RLM
-1765328199L
Cannot find ticket for requested realm
KRB5DES_BAD_KEYPAR
-1765328198L
DES key has bad parity
KRB5DES_WEAK_KEY
-1765328197L
DES key is a weak key
KRB5_BAD_ENCTYPE
-1765328196L
Bad encryption type
KRB5_BAD_KEYSIZE
-1765328195L
Key size is incompatible with encryption type
KRB5_BAD_MSIZE
-1765328194L
Message size is incompatible with encryption type
KRB5_CC_TYPE_EXISTS
-1765328193L
Credentials cache type is already registered
KRB5_KT_TYPE_EXISTS
-1765328192L
Key table type is already registered
KRB5_CC_IO
-1765328191L
Credentials cache I/O operation failed
KRB5_FCC_PERM
-1765328190L
Credentials cache file permissions incorrect
KRB5_FCC_NOFILE
-1765328189L
No credentials cache file found
KRB5_FCC_INTERNAL
-1765328188L
Internal file credentials cache error
KRB5_CC_WRITE
-1765328187L
Error writing to credentials cache file
KRB5_CC_NOMEM
-1765328186L
No more memory to allocate in credentials cache code
KRB5_CC_FORMAT
-1765328185L
Bad format in credentials cache
KRB5_INVALID_FLAGS
-1765328184L
Invalid KDC option combination, which is an internal library error
KRB5_NO_2ND_TKT
-1765328183L
Request missing second ticket
KRB5_NOCREDS_SUPPLIED
-1765328182L
No credentials supplied to library routine
KRB5_SENDAUTH_BADAUTHVERS
-1765328181L
Bad sendauth version was sent
KRB5_SENDAUTH_BADAPPLVERS
-1765328180L
Bad application version was sent by sendauth
KRB5_SENDAUTH_BADRESPONSE
-1765328179L
Bad response during sendauth exchange
KRB5_SENDAUTH_REJECTED
-1765328178L
Server rejected authentication during sendauth exchange

Messages Returned in Kerberos v5 for Status Code 7

The following table lists the minor status messages that are returned in Kerberos v5 for status code 7.

Table C-11 Kerberos v5 Status Codes 7

Minor Status
Value
Meaning
KRB5_PREAUTH_BAD_TYPE
-1765328177L
Unsupported preauthentication type
KRB5_PREAUTH_NO_KEY
-1765328176L
Required preauthentication key not supplied
KRB5_PREAUTH_FAILED
-1765328175L
Generic preauthentication failure
KRB5_RCACHE_BADVNO
-1765328174L
Unsupported format version number for replay cache
KRB5_CCACHE_BADVNO
-1765328173L
Unsupported credentials cache format version number
KRB5_KEYTAB_BADVNO
-1765328172L
Unsupported version number for key table format
KRB5_PROG_ATYPE_NOSUPP
-1765328171L
Program lacks support for address type
KRB5_RC_REQUIRED
-1765328170L
Message replay detection requires rcache parameter
KRB5_ERR_BAD_HOSTNAME
-1765328169L
Host name cannot be canonicalized
KRB5_ERR_HOST_REALM_UNKNOWN
-1765328168L
Cannot determine realm for host
KRB5_SNAME_UNSUPP_NAMETYPE
-1765328167L
Conversion to service principal is undefined for name type
KRB5KRB_AP_ERR_V4_REPLY
-1765328166L
Initial Ticket response appears to be Version 4 error
KRB5_REALM_CANT_RESOLVE
-1765328165L
Cannot resolve KDC for requested realm
KRB5_TKT_NOT_FORWARDABLE
-1765328164L
The requesting ticket cannot get forwardable tickets
KRB5_FWD_BAD_PRINCIPAL
-1765328163L
Bad principal name while trying to forward credentials
KRB5_GET_IN_TKT_LOOP
-1765328162L
Looping detected inside krb5_get_in_tkt
KRB5_CONFIG_NODEFREALM
-1765328161L
Configuration file /etc/krb5/krb5.conf does not specify default realm
KRB5_SAM_UNSUPPORTED
-1765328160L
Bad SAM flags in obtain_sam_padata
KRB5_KT_NAME_TOOLONG
-1765328159L
Keytab name too long
KRB5_KT_KVNONOTFOUND
-1765328158L
Key version number for principal in key table is incorrect
KRB5_CONF_NOT_CONFIGURED
-1765328157L
Kerberos /etc/krb5/krb5.conf configuration file not configured
ERROR_TABLE_BASE_krb5
-1765328384L
default