KDC error codes
The possible KDC error codes are:
- 0
- No error
- 1
- Client entry is expired
- 2
- Server entry is expired
- 3
- Protocol version is not supported
- 4
- Client key is encrypted in an old master key
- 5
- Server key is encrypted in an old master key
- 6
- Client is not defined in the security registry
- 7
- Server is not defined in the security registry
- 8
- Principal is not unique in the security registry
- 9
- No key is available for the principal
- 10
- Ticket is not eligible for postdating
- 11
- Ticket is never valid
- 12
- Request rejected due to KDC policy
- 13
- Request option is not supported
- 14
- Encryption type is not supported
- 15
- Checksum type is not supported
- 16
- Preauthentication type is not supported
- 17
- Transited data type is not supported
- 18
- Client account is revoked
- 19
- Server account is revoked
- 20
- TGT is revoked
- 21
- Client account is not valid yet
- 22
- Server account is not valid yet
- 23
- Password is expired
- 24
- Preauthentication failed
- 25
- Preauthentication required
- 26
- Supplied authentication ticket is not for the requested server
- 27
- Server requires user-to-user protocol
- 31
- Decryption integrity check failed
- 32
- Ticket is expired
- 33
- Ticket is not valid yet
- 34
- Request is a replay of a previous request
- 35
- Supplied authentication ticket is not for the current realm
- 36
- Ticket and authenticator do not match
- 37
- Clock skew is too great
- 38
- Incorrect network address
- 39
- Protocol version mismatch
- 40
- Invalid message type
- 41
- Message stream has been modified
- 42
- Message is out of order
- 44
- Key version is not available
- 45
- Service key is not available
- 46
- Mutual authentication failed
- 47
- Incorrect message direction
- 48
- Alternative authentication method required
- 49
- Incorrect message sequence number
- 50
- Inappropriate checksum type
- 60
- Generic error detected
- 61
- Field is too long
- 62
- Client certificate is not acceptable
- 63
- KDC certificate is not trusted or does not meet requirements
- 64
- Certificate signature not valid
- 65
- Client Diffie-Hellman key parameters not accepted
- 70
- Client certificate could not be verified
- 71
- Client certificate chain validation error occurred
- 72
- Client certificate chain contains a revoked certificate
- 73
- Revocation status for the certificate chain could not be determined
- 75
- Kerberos client name does not match name bound to the client certificate
- 76
- Kerberos KDC name does not match name bound to the KDC certificate
- 77
- Key purpose restricts certificate usage
- 78
- Certificate signature digest algorithm is not supported
- 79
- PKAuthenticator is missing the required paChecksum
- 80
- The signedData digest algorithm is not supported
- 81
- The Public Key encryption delivery method is not supported