Connected: An Internet Encyclopedia
5.9.1. KRB_ERROR definition

Source: RFC 1510, section 5.9 (Error message specification)

The KRB_ERROR message consists of the following fields:

   KRB-ERROR ::=   [APPLICATION 30] SEQUENCE {
                   pvno[0]               INTEGER,
                   msg-type[1]           INTEGER,
                   ctime[2]              KerberosTime OPTIONAL,
                   cusec[3]              INTEGER OPTIONAL,
                   stime[4]              KerberosTime,
                   susec[5]              INTEGER,
                   error-code[6]         INTEGER,
                   crealm[7]             Realm OPTIONAL,
                   cname[8]              PrincipalName OPTIONAL,
                   realm[9]              Realm, -- Correct realm
                   sname[10]             PrincipalName, -- Correct name
                   e-text[11]            GeneralString OPTIONAL,
                   e-data[12]            OCTET STRING OPTIONAL
   }

pvno and msg-type

These fields are described above in section 5.4.1. msg-type is KRB_ERROR.

ctime

This field is described above in section 5.4.1.

cusec

This field is described above in section 5.5.2.

stime

This field contains the current time on the server. It is of type KerberosTime.

susec

This field contains the microsecond part of the server's timestamp. Its value ranges from 0 to 999. It appears along with stime. The two fields are used in conjunction to specify a reasonably accurate timestamp.

error-code

This field contains the error code returned by Kerberos or the server when a request fails. To interpret the value of this field see the list of error codes in section 8. Implementations are encouraged to provide for national language support in the display of error messages.

crealm, cname, srealm and sname

These fields are described above in section 5.3.1.

e-text

This field contains additional text to help explain the error code associated with the failed request (for example, it might include a principal name which was unknown).

e-data

This field contains additional data about the error for use by the application to help it recover from or handle the error. If the error-code is KDC_ERR_PREAUTH_REQUIRED, then the e-data field will contain an encoding of a sequence of padata fields, each corresponding to an acceptable pre-authentication method and optionally containing data for the method:

      METHOD-DATA ::=    SEQUENCE OF PA-DATA

If the error-code is KRB_AP_ERR_METHOD, then the e-data field will contain an encoding of the following sequence:

      METHOD-DATA ::=    SEQUENCE {
                         method-type[0]   INTEGER,
                         method-data[1]   OCTET STRING OPTIONAL
      }

method-type will indicate the required alternate method; method-data will contain any required additional information.
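
Added example (not from RFC 1510 or any Kerberos implementation): a bounds-checked Python walk of a DER-encoded KRB-ERROR that enforces the field order and the required/OPTIONAL split from the definition above, then lists the padata-type values carried in e-data. It assumes explicit tagging and the RFC 1510 PA-DATA layout with padata-type[1]; the sample message, the realm EXAMPLE.COM and all helper names are constructed, and error-code 25 is KDC_ERR_PREAUTH_REQUIRED in the section 8 list.

```python
# Added example (not RFC text): bounds-checked walk of a DER KRB-ERROR, explicit tags.
FIELDS = ("pvno msg-type ctime cusec stime susec error-code crealm cname "
          "realm sname e-text e-data").split()      # list index = context tag number
REQUIRED = {"pvno", "msg-type", "stime", "susec", "error-code", "realm", "sname"}
SAMPLE = bytes.fromhex(  # constructed: error-code 25, realm EXAMPLE.COM, one PA-DATA
    "7e6b3069 a003020105 a10302011e a411180f 31393934 30313031 30303030 3030 5a a503020100"
    "a603020119 a90d1b0b 4558414d504c45 2e 434f4d aa20301e a003020102 a1173015 1b06 6b7262746774"
    "1b0b 4558414d504c45 2e 434f4d ac0f040d 300b3009 a103020102 a2020400")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length TLV, bounds-checked."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    n = first & 0x7F if first & 0x80 else 0         # long form: n length bytes follow
    length = int.from_bytes(buf[pos:pos + n], "big") if n else first
    pos += n
    if first == 0x80 or pos + length > len(buf):
        raise ValueError("indefinite length or value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def unwrap(buf, want):                              # the one TLV, tagged `want`, filling buf
    tag, val, end = read_tlv(buf)
    if tag != want or end != len(buf):
        raise ValueError(f"expected a single TLV with tag {want:#x}")
    return val

def parse_krb_error(msg):
    seq, out, pos, last = unwrap(unwrap(msg, 0x7E), 0x30), {}, 0, -1  # [APPLICATION 30]
    while pos < len(seq):
        tag, val, pos = read_tlv(seq, pos)
        num, (itag, inner, end) = tag - 0xA0, read_tlv(val)   # explicit context tag [num]
        if not (last < num < len(FIELDS)) or end != len(val):
            raise ValueError("unknown, out-of-order or malformed field")
        # INTEGER values become ints; every other type is returned as raw bytes.
        out[FIELDS[num]] = int.from_bytes(inner, "big", signed=True) if itag == 2 else inner
        last = num
    if REQUIRED - out.keys():
        raise ValueError(f"missing required: {sorted(REQUIRED - out.keys())}")
    return out

def preauth_types(e_data):                          # METHOD-DATA ::= SEQUENCE OF PA-DATA
    seq, pos, types = unwrap(e_data, 0x30), 0, []
    while pos < len(seq):
        tag, pa, pos = read_tlv(seq, pos)
        ftag, field, _ = read_tlv(pa)
        if (tag, ftag) != (0x30, 0xA1):             # SEQUENCE starting with padata-type[1]
            raise ValueError("not a PA-DATA")
        types.append(int.from_bytes(unwrap(field, 0x02), "big"))
    return types
```

`parse_krb_error(SAMPLE)` returns the fields by name, and `preauth_types()` applies only when the error-code says e-data holds a SEQUENCE OF PA-DATA.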

