Skip to main content

7.5. Protocol Constants and Associated Values

Overview

This section defines numerous constants used throughout the Kerberos protocol, including key usage numbers, data types, and error codes.

Contents

7.5.1. Key Usage Numbers

Identifies the purpose of key usage in different protocol contexts to prevent cross-protocol attacks.

7.5.2. PreAuthentication Data Types

Defines padata types for various pre-authentication mechanisms.

7.5.3. Address Types

Network address type identifiers (see Section 7.1).

7.5.4. Authorization Data Types

Types for authorization information embedded in tickets.

7.5.5. Transited Encoding Types

Methods for encoding the transited field in tickets.

7.5.6. Protocol Version Number

Kerberos V5 protocol version is 5.

7.5.7. Kerberos Message Types

Application tag numbers for different message types.

7.5.8. Name Types

Principal name type identifiers.

7.5.9. Error Codes

Comprehensive list of Kerberos error codes.

Key Usage Numbers

Key usage numbers prevent keys from being used for unintended purposes:

  • 1: AS-REQ PA-ENC-TIMESTAMP
  • 2: AS-REP encrypted part
  • 3: TGS-REQ authenticator
  • 4-11: Various TGS operations
  • 12-25: Various application operations

Error Codes (Selected)

  • KDC_ERR_NONE (0): No error
  • KDC_ERR_NAME_EXP (1): Client's entry expired
  • KDC_ERR_SERVICE_EXP (2): Server's entry expired
  • KDC_ERR_BAD_PVNO (3): Bad protocol version
  • KDC_ERR_C_PRINCIPAL_UNKNOWN (6): Client not found
  • KDC_ERR_S_PRINCIPAL_UNKNOWN (7): Server not found
  • KDC_ERR_PREAUTH_FAILED (24): Pre-authentication failed
  • KDC_ERR_PREAUTH_REQUIRED (25): Pre-authentication required
  • KRB_AP_ERR_BAD_INTEGRITY (31): Integrity check failed
  • And many others...

Authorization Data Types

  • AD-IF-RELEVANT (1): Authorization data that can be ignored
  • AD-INTENDED-FOR-SERVER (2): Server-specific authorization data
  • AD-INTENDED-FOR-APPLICATION-CLASS (3): Application class specific
  • AD-KDC-ISSUED (4): KDC-issued authorization data
  • AD-MANDATORY-FOR-KDC (8): Must be understood by KDC

Reference

For complete lists of all constants and values, refer to RFC 4120 Section 7.5.

Last updated on