blank.gif (43 bytes)

Church Of The
Swimming Elephant

Search:
8.3. Protocol constants and associated values Connected: An Internet Encyclopedia
8.3. Protocol constants and associated values

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1510
Up: 8. Constants and other defined values
Prev: 8.2.3. Name of the TGS
Next: 9. Interoperability requirements

8.3. Protocol constants and associated values

8.3. Protocol constants and associated values

The following tables list constants used in the protocol and defines their meanings.

---------------+-----------+----------+----------------+---------------
Encryption type|etype value|block size|minimum pad size|confounder size
---------------+-----------+----------+----------------+---------------
NULL                0            1              0              0
des-cbc-crc         1            8              4              8
des-cbc-md4         2            8              0              8
des-cbc-md5         3            8              0              8

-------------------------------+-------------------+-------------
Checksum type                  |sumtype value      |checksum size
-------------------------------+-------------------+-------------
CRC32                           1                   4
rsa-md4                         2                   16
rsa-md4-des                     3                   24
des-mac                         4                   16
des-mac-k                       5                   8
rsa-md4-des-k                   6                   16
rsa-md5                         7                   16
rsa-md5-des                     8                   24

-------------------------------+-----------------
padata type                    |padata-type value
-------------------------------+-----------------
PA-TGS-REQ                      1
PA-ENC-TIMESTAMP                2
PA-PW-SALT                      3

-------------------------------+-------------
authorization data type        |ad-type value
-------------------------------+-------------
reserved values                 0-63
OSF-DCE                         64
SESAME                          65

-------------------------------+-----------------
alternate authentication type  |method-type value
-------------------------------+-----------------
reserved values                 0-63
ATT-CHALLENGE-RESPONSE          64

-------------------------------+-------------
transited encoding type        |tr-type value
-------------------------------+-------------
DOMAIN-X500-COMPRESS            1
reserved values                 all others

--------------+-------+-----------------------------------------
Label         |Value  |Meaning or MIT code
--------------+-------+-----------------------------------------

pvno             5     current Kerberos protocol version number

message types

KRB_AS_REQ      10     Request for initial authentication
KRB_AS_REP      11     Response to KRB_AS_REQ request
KRB_TGS_REQ     12     Request for authentication based on TGT
KRB_TGS_REP     13     Response to KRB_TGS_REQ request
KRB_AP_REQ      14     application request to server
KRB_AP_REP      15     Response to KRB_AP_REQ_MUTUAL
KRB_SAFE        20     Safe (checksummed) application message
KRB_PRIV        21     Private (encrypted) application message
KRB_CRED        22     Private (encrypted) message to forward
                       credentials
KRB_ERROR       30     Error response


name types

KRB_NT_UNKNOWN   0   Name type not known
KRB_NT_PRINCIPAL 1   Just the name of the principal as in DCE, or
                     for users
KRB_NT_SRV_INST  2   Service and other unique instance (krbtgt)
KRB_NT_SRV_HST   3   Service with host name as instance (telnet,
                     rcommands)
KRB_NT_SRV_XHST  4   Service with host as remaining components
KRB_NT_UID       5   Unique ID


error codes

KDC_ERR_NONE                   0   No error
KDC_ERR_NAME_EXP               1   Client's entry in database has
                                   expired
KDC_ERR_SERVICE_EXP            2   Server's entry in database has
                                   expired
KDC_ERR_BAD_PVNO               3   Requested protocol version number
                                   not supported
KDC_ERR_C_OLD_MAST_KVNO        4   Client's key encrypted in old
                                   master key
KDC_ERR_S_OLD_MAST_KVNO        5   Server's key encrypted in old
                                   master key
KDC_ERR_C_PRINCIPAL_UNKNOWN    6   Client not found in Kerberos database
KDC_ERR_S_PRINCIPAL_UNKNOWN    7   Server not found in Kerberos database
KDC_ERR_PRINCIPAL_NOT_UNIQUE   8   Multiple principal entries in
                                   database
KDC_ERR_NULL_KEY               9   The client or server has a null key
KDC_ERR_CANNOT_POSTDATE       10   Ticket not eligible for postdating
KDC_ERR_NEVER_VALID           11   Requested start time is later than
                                   end time
KDC_ERR_POLICY                12   KDC policy rejects request
KDC_ERR_BADOPTION             13   KDC cannot accommodate requested
                                   option
KDC_ERR_ETYPE_NOSUPP          14   KDC has no support for encryption
                                   type
KDC_ERR_SUMTYPE_NOSUPP        15   KDC has no support for checksum type
KDC_ERR_PADATA_TYPE_NOSUPP    16   KDC has no support for padata type
KDC_ERR_TRTYPE_NOSUPP         17   KDC has no support for transited type
KDC_ERR_CLIENT_REVOKED        18   Clients credentials have been revoked
KDC_ERR_SERVICE_REVOKED       19   Credentials for server have been
                                   revoked
KDC_ERR_TGT_REVOKED           20   TGT has been revoked
KDC_ERR_CLIENT_NOTYET         21   Client not yet valid - try again
                                   later
KDC_ERR_SERVICE_NOTYET        22   Server not yet valid - try again
                                   later
KDC_ERR_KEY_EXPIRED           23   Password has expired - change
                                   password to reset
KDC_ERR_PREAUTH_FAILED        24   Pre-authentication information
                                   was invalid
KDC_ERR_PREAUTH_REQUIRED      25   Additional pre-authentication
                                   required*
KRB_AP_ERR_BAD_INTEGRITY      31   Integrity check on decrypted field
                                   failed
KRB_AP_ERR_TKT_EXPIRED        32   Ticket expired
KRB_AP_ERR_TKT_NYV            33   Ticket not yet valid
KRB_AP_ERR_REPEAT             34   Request is a replay
KRB_AP_ERR_NOT_US             35   The ticket isn't for us
KRB_AP_ERR_BADMATCH           36   Ticket and authenticator don't match
KRB_AP_ERR_SKEW               37   Clock skew too great
KRB_AP_ERR_BADADDR            38   Incorrect net address
KRB_AP_ERR_BADVERSION         39   Protocol version mismatch
KRB_AP_ERR_MSG_TYPE           40   Invalid msg type
KRB_AP_ERR_MODIFIED           41   Message stream modified
KRB_AP_ERR_BADORDER           42   Message out of order
KRB_AP_ERR_BADKEYVER          44   Specified version of key is not
                                   available
KRB_AP_ERR_NOKEY              45   Service key not available
KRB_AP_ERR_MUT_FAIL           46   Mutual authentication failed
KRB_AP_ERR_BADDIRECTION       47   Incorrect message direction
KRB_AP_ERR_METHOD             48   Alternative authentication method
                                   required*
KRB_AP_ERR_BADSEQ             49   Incorrect sequence number in message
KRB_AP_ERR_INAPP_CKSUM        50   Inappropriate type of checksum in
                                   message
KRB_ERR_GENERIC               60   Generic error (description in e-text)
KRB_ERR_FIELD_TOOLONG         61   Field is too long for this
                                   implementation

   *This error carries additional information in the e-data field.  The
   contents of the e-data field for this message is described in section
   5.9.1.


Next: 9. Interoperability requirements

Connected: An Internet Encyclopedia
8.3. Protocol constants and associated values

Cotse.Net

Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

 
.
www.cotse.com
Have you gone to church today?
.
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 Cotse.com.
Cotse.com is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609