Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) Subject: KDC status strings - format inconsistency X-RT-Original-Encoding: iso-8859-1 Content-Length: 1275 KDC status string carries an additional information about the state of AS/TGS exchange and is useful in conjunction with the actual error reported by KDC. (There are few exceptions when the status says "ISSUE" or "REFERRAL" which are not the errors.) One should notice that these strings are inconsistent in their format and statement. For example, FINDING_SERVER_KEY and CANT_FIND_CLIENT_KEY are both reported on error when key cannot be found but only the latter states this. The status strings use delimiters such as underscores and white-spaces sporadically: for example, "CLIENT EXPIRED" vs "TKT_EXPIRED". Finally, such variations as"Anonymous requested but anonymous principal not used." and "constructing state" bring even more variety to the status strings formats. It would be useful to come up with the common rules for KDC status strings. For example, use all upper case letters with underscores as delimiters. Since in most of the cases the status is set on error it might be redundant to state the failure in the status ("RANDOM_KEY_FAILED" or ADD_TR_FAIL" or "CAN'T_PROXY_TGT"). Use abbreviations instead of proper English words only when it is justified by commonly accepted Kerberos terminology. Finally, one should consider making the messages more concise.