Getting the right error code in tryagain client pre-auth interface

Alejandro Perez Mendez alex at
Mon Aug 6 13:48:24 EDT 2012

El 06/08/12 16:22, Greg Hudson escribió:
> On 08/06/2012 06:11 AM, Alejandro Perez Mendez wrote:
>> Thus, I cannot use that constant to check the error->error value in the
>> "tryagain" callback, since that parameter takes the 91 value, not the
>> -1765328293L one.
>> Is this an error, and the error->error value should be -1765328293L, or
>> should I "preprocess" the value to make it match the one in the #define?
> Kerberos protocol error codes are small integers.  Within the krb5 code
> base, we map those into a larger, structured error number space (using
> com_err) so that we can have a single integer type which expresses
> system errors, library errors, and protocol errors.
> It's not a bug that error->error is a Kerberos protocol error code,
> since the krb5_error structure is intended to represent a Kerberos
> protocol data unit, but it does mean that you won't be able to use a
> com_err value when checking this field.  Within the krb5 tree, we have
> internal constants defined in k5-int.h like:
> I suggest defining something along similar lines for your plugin module.
Hi Greg,

thanks for the answer. I didn't notice that definitions.  Then including


in the k5-int.h file would do it. I will do it in my branch, so I could 
be merged later.


More information about the krbdev mailing list