2.2.2 KERB-ERROR-DATA

Article
01/29/2024

The KERB-ERROR-DATA structure SHOULD <5> be returned by the application server in the e-data field in the KRB-ERROR message ([RFC4120] section 5.9.1) when clock skew recovery is attempted, and by the KDC for extended errors.

 KERB-ERROR-DATA ::= SEQUENCE {
     data-type              [1] INTEGER,
     data-value             [2] OCTET STRING OPTIONAL
 }

data-type: This value is as follows.

Integer Value	Meaning
2 KERB_AP_ERR_TYPE_SKEW_RECOVERY	Clock skew recovery was attempted.
3 KERB_ERR_TYPE_EXTENDED	The data-value field contains extended, implementation-specific error information.

Integer Value

Meaning

KERB_AP_ERR_TYPE_SKEW_RECOVERY

Clock skew recovery was attempted.

KERB_ERR_TYPE_EXTENDED

The data-value field contains extended, implementation-specific error information.

data-value: This value is as follows.

Data Type	Data Value
KERB_AP_ERR_TYPE_SKEW_RECOVERY	NULL.
KERB_ERR_TYPE_EXTENDED	A KERB-EXT-ERROR structure (section 2.2.1).

2.2.2 KERB-ERROR-DATA

Additional resources