Skip Menu |
 

Subject: src/include/krb5_err.h needs to be updated to match RFC4120
Download (untitled) / with headers
text/plain 1.3KiB
RFC4120 specifies a number of new error codes. They need to be added to
krb5_err.h and the error message table.

KDC_ERROR_CLIENT_NOT_TRUSTED 62 Reserved for PKINIT
KDC_ERROR_KDC_NOT_TRUSTED 63 Reserved for PKINIT
KDC_ERROR_INVALID_SIG 64 Reserved for PKINIT
KDC_ERR_KEY_TOO_WEAK 65 Reserved for PKINIT
KDC_ERR_CERTIFICATE_MISMATCH 66 Reserved for PKINIT
KRB_AP_ERR_NO_TGT 67 No TGT available to
validate USER-TO-USER
KDC_ERR_WRONG_REALM 68 Reserved for future use
KRB_AP_ERR_USER_TO_USER_REQUIRED 69 Ticket must be for
USER-TO-USER
KDC_ERR_CANT_VERIFY_CERTIFICATE 70 Reserved for PKINIT
KDC_ERR_INVALID_CERTIFICATE 71 Reserved for PKINIT
KDC_ERR_REVOKED_CERTIFICATE 72 Reserved for PKINIT
KDC_ERR_REVOCATION_STATUS_UNKNOWN 73 Reserved for PKINIT
KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74 Reserved for PKINIT
KDC_ERR_CLIENT_NAME_MISMATCH 75 Reserved for PKINIT
KDC_ERR_KDC_NAME_MISMATCH 76 Reserved for PKINIT

KDC_ERR_WRONG_REALM is frequently returned by Active Directory and the
users are in turn presented with cryptic error messages. It would be
nice if this change could be committed for KFW 3.1.
A proposed patch
Download krb5_4325.diff
application/octet-stream 2.6KiB

Message body not shown because it is not plain text.

Here is a second version of the patch that includes all of the error
messages from PKINIT
Download krb5_4325.diff
application/octet-stream 3.1KiB

Message body not shown because it is not plain text.