diff --git a/lib/com_err/Makefile.am b/lib/com_err/Makefile.am
new file mode 100644
index 000000000..d8f8fe20b
--- /dev/null
+++ b/lib/com_err/Makefile.am
@@ -0,0 +1,12 @@
+# $Id$
+
+AUTOMAKE_OPTIONS = no-dependencies
+
+INCLUDES = -I$(top_builddir)/include -I$(srcdir)/.. -I$(srcdir)
+
+lib_LIBRARIES = error
+
+error_SOURCES = error.c krb5_err.c
+
+%.c: %.et
+	$(srcdir)/compile_et $<
diff --git a/lib/com_err/compile_et.awk b/lib/com_err/compile_et.awk
new file mode 100644
index 000000000..ab45504c0
--- /dev/null
+++ b/lib/com_err/compile_et.awk
@@ -0,0 +1,88 @@
+#
+# $Id$
+#
+
+$1 == "error_table" {
+	name = $2
+	base = 0
+	for(i = 1; i <= 4; i++){
+		base = base * 64 + index("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_", substr(name, i, 1))
+	}
+	base *= 256
+	if(base >= 2147483648){ # 0x80000000
+		base = -(4294967295 - base + 1) # 0xffffffff
+	}
+	sub("\\..*$", "", name)
+	c_file = name "_err.c"
+	h_file = name "_err.h"
+	number = 0
+	print "/* Generated from " FILENAME " */" > c_file
+	print "#include <krb5_locl.h>" > c_file
+	print "#include <krb5_error.h>" > c_file
+#	print "#include \"" h_file "\"\n" > c_file
+	print "" > c_file
+	print "static const char *text[] = {" > c_file
+
+	print "/* Generated from " FILENAME " */" > h_file
+	print "#include <krb5_error.h>" > h_file
+	print "" > h_file
+	print "void initialize_" name "_error_table(struct error_list**);" > h_file
+	print "" > h_file
+	print "enum " name "_error_number{" > h_file
+	print "\tERROR_TABLE_BASE_" name " = " base "," > h_file
+	next
+}
+
+function end_file(c_file, h_file){
+	print "\tNULL" > c_file
+	print "};" > c_file
+	print "" > c_file
+	print "static struct error_table et = { text, " base ", " number " };" > c_file
+	print "static struct error_list " name "_link = { 0, 0 };" > c_file
+
+	print "void initialize_" name "_error_table (struct error_list **list) {" > c_file
+	print "\tif (!" name "_link.table) {" > c_file
+        print "\t\t" name "_link.next = *list;" > c_file
+	print "\t\t" name "_link.table = &et;" > c_file
+	print "\t\t*list = &" name "_link;" > c_file
+	print "\t}" > c_file
+	print "}" > c_file
+	close(c_file)
+	print "};" > h_file
+	close(h_file)
+}
+
+function print_line(name, string, value) {
+	printf("\t%s = %d,\n", name, value + base) > h_file
+	printf("\t/* %3d */ %s,\n", value, string) > c_file
+}
+
+$1 == "index" {
+	newnumber = $2
+	for(; number < newnumber; number++)
+		print_line(toupper(name)"_ERROR_" number, 
+				"\"Reserved error number " number "\"", number)
+	next
+}
+$1 == "prefix" {
+	prefix = $2
+	if(prefix != "")
+		prefix = prefix "_"
+	next
+}
+
+$1 == "error_code" {
+	code = $0
+	sub("error_code[ \t]+", "", code)
+	sub(",.*", "", code)
+	code = prefix code
+	string = $0
+	sub("[^,]*,", "", string)
+	sub("[ \t]*", "", string)
+	print_line(code, string, number)
+	number++;
+	next
+}
+END {
+	end_file(c_file, h_file)
+}
diff --git a/lib/com_err/error.c b/lib/com_err/error.c
new file mode 100644
index 000000000..683a181fc
--- /dev/null
+++ b/lib/com_err/error.c
@@ -0,0 +1,28 @@
+#include "krb5_locl.h"
+#include <krb5_error.h>
+
+RCSID("$Id$");
+
+const char *
+krb5_get_err_text(krb5_context context, long code)
+{
+    struct error_list *p;
+    for(p = context->et_list; p; p = p->next){
+	if(code >= p->table->base && code < p->table->base + p->table->n_msgs)
+	    return p->table->msgs[code - p->table->base];
+    }
+    return "Error message not found";
+}
+
+void
+krb5_init_ets(krb5_context context)
+{
+    if(context->et_list == NULL){
+	initialize_krb5_error_table(&context->et_list);
+#if 0
+	initialize_kv5m_error_table(&context->et_list);
+	initialize_kdb5_error_table(&context->et_list);
+	initialize_asn1_error_table(&context->et_list);
+#endif
+    }
+}
diff --git a/lib/error/Makefile.am b/lib/error/Makefile.am
new file mode 100644
index 000000000..d8f8fe20b
--- /dev/null
+++ b/lib/error/Makefile.am
@@ -0,0 +1,12 @@
+# $Id$
+
+AUTOMAKE_OPTIONS = no-dependencies
+
+INCLUDES = -I$(top_builddir)/include -I$(srcdir)/.. -I$(srcdir)
+
+lib_LIBRARIES = error
+
+error_SOURCES = error.c krb5_err.c
+
+%.c: %.et
+	$(srcdir)/compile_et $<
diff --git a/lib/error/compile_et.awk b/lib/error/compile_et.awk
new file mode 100644
index 000000000..ab45504c0
--- /dev/null
+++ b/lib/error/compile_et.awk
@@ -0,0 +1,88 @@
+#
+# $Id$
+#
+
+$1 == "error_table" {
+	name = $2
+	base = 0
+	for(i = 1; i <= 4; i++){
+		base = base * 64 + index("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_", substr(name, i, 1))
+	}
+	base *= 256
+	if(base >= 2147483648){ # 0x80000000
+		base = -(4294967295 - base + 1) # 0xffffffff
+	}
+	sub("\\..*$", "", name)
+	c_file = name "_err.c"
+	h_file = name "_err.h"
+	number = 0
+	print "/* Generated from " FILENAME " */" > c_file
+	print "#include <krb5_locl.h>" > c_file
+	print "#include <krb5_error.h>" > c_file
+#	print "#include \"" h_file "\"\n" > c_file
+	print "" > c_file
+	print "static const char *text[] = {" > c_file
+
+	print "/* Generated from " FILENAME " */" > h_file
+	print "#include <krb5_error.h>" > h_file
+	print "" > h_file
+	print "void initialize_" name "_error_table(struct error_list**);" > h_file
+	print "" > h_file
+	print "enum " name "_error_number{" > h_file
+	print "\tERROR_TABLE_BASE_" name " = " base "," > h_file
+	next
+}
+
+function end_file(c_file, h_file){
+	print "\tNULL" > c_file
+	print "};" > c_file
+	print "" > c_file
+	print "static struct error_table et = { text, " base ", " number " };" > c_file
+	print "static struct error_list " name "_link = { 0, 0 };" > c_file
+
+	print "void initialize_" name "_error_table (struct error_list **list) {" > c_file
+	print "\tif (!" name "_link.table) {" > c_file
+        print "\t\t" name "_link.next = *list;" > c_file
+	print "\t\t" name "_link.table = &et;" > c_file
+	print "\t\t*list = &" name "_link;" > c_file
+	print "\t}" > c_file
+	print "}" > c_file
+	close(c_file)
+	print "};" > h_file
+	close(h_file)
+}
+
+function print_line(name, string, value) {
+	printf("\t%s = %d,\n", name, value + base) > h_file
+	printf("\t/* %3d */ %s,\n", value, string) > c_file
+}
+
+$1 == "index" {
+	newnumber = $2
+	for(; number < newnumber; number++)
+		print_line(toupper(name)"_ERROR_" number, 
+				"\"Reserved error number " number "\"", number)
+	next
+}
+$1 == "prefix" {
+	prefix = $2
+	if(prefix != "")
+		prefix = prefix "_"
+	next
+}
+
+$1 == "error_code" {
+	code = $0
+	sub("error_code[ \t]+", "", code)
+	sub(",.*", "", code)
+	code = prefix code
+	string = $0
+	sub("[^,]*,", "", string)
+	sub("[ \t]*", "", string)
+	print_line(code, string, number)
+	number++;
+	next
+}
+END {
+	end_file(c_file, h_file)
+}
diff --git a/lib/error/error.c b/lib/error/error.c
new file mode 100644
index 000000000..683a181fc
--- /dev/null
+++ b/lib/error/error.c
@@ -0,0 +1,28 @@
+#include "krb5_locl.h"
+#include <krb5_error.h>
+
+RCSID("$Id$");
+
+const char *
+krb5_get_err_text(krb5_context context, long code)
+{
+    struct error_list *p;
+    for(p = context->et_list; p; p = p->next){
+	if(code >= p->table->base && code < p->table->base + p->table->n_msgs)
+	    return p->table->msgs[code - p->table->base];
+    }
+    return "Error message not found";
+}
+
+void
+krb5_init_ets(krb5_context context)
+{
+    if(context->et_list == NULL){
+	initialize_krb5_error_table(&context->et_list);
+#if 0
+	initialize_kv5m_error_table(&context->et_list);
+	initialize_kdb5_error_table(&context->et_list);
+	initialize_asn1_error_table(&context->et_list);
+#endif
+    }
+}
diff --git a/lib/error/krb5_err.et b/lib/error/krb5_err.et
new file mode 100644
index 000000000..e33857e2f
--- /dev/null
+++ b/lib/error/krb5_err.et
@@ -0,0 +1,213 @@
+#
+# Error messages for the krb5 library
+#
+# This might look like a com_err file, but it not
+#
+# $Id$
+
+error_table krb5
+
+prefix KRB5KDC_ERR
+error_code NONE,		"No error"
+error_code NAME_EXP,		"Client's entry in database has expired"
+error_code SERVICE_EXP,		"Server's entry in database has expired"
+error_code BAD_PVNO,		"Requested protocol version not supported"
+error_code C_OLD_MAST_KVNO,	"Client's key is encrypted in an old master key"
+error_code S_OLD_MAST_KVNO,	"Server's key is encrypted in an old master key"
+error_code C_PRINCIPAL_UNKNOWN,	"Client not found in Kerberos database"
+error_code S_PRINCIPAL_UNKNOWN,	"Server not found in Kerberos database"
+error_code PRINCIPAL_NOT_UNIQUE,"Principal has multiple entries in Kerberos database"
+error_code NULL_KEY,		"Client or server has a null key"
+error_code CANNOT_POSTDATE,	"Ticket is ineligible for postdating"
+error_code NEVER_VALID,		"Requested effective lifetime is negative or too short"
+error_code POLICY,		"KDC policy rejects request"
+error_code BADOPTION,		"KDC can't fulfill requested option"
+error_code ETYPE_NOSUPP,	"KDC has no support for encryption type"
+error_code SUMTYPE_NOSUPP,	"KDC has no support for checksum type"
+error_code PADATA_TYPE_NOSUPP,	"KDC has no support for padata type"
+error_code TRTYPE_NOSUPP,	"KDC has no support for transited type"
+error_code CLIENT_REVOKED,	"Clients credentials have been revoked"
+error_code SERVICE_REVOKED,	"Credentials for server have been revoked"
+error_code TGT_REVOKED,		"TGT has been revoked"
+error_code CLIENT_NOTYET,	"Client not yet valid - try again later"
+error_code SERVICE_NOTYET,	"Server not yet valid - try again later"
+error_code KEY_EXP,		"Password has expired"
+error_code PREAUTH_FAILED,	"Preauthentication failed"
+error_code PREAUTH_REQUIRED,	"Additional pre-authentication required"
+error_code SERVER_NOMATCH,	"Requested server and ticket don't match"
+
+# 27-30 are reserved
+index 31
+prefix KRB5KRB_AP_ERR
+error_code BAD_INTEGRITY,	"Decrypt integrity check failed"
+error_code TKT_EXPIRED,		"Ticket expired"
+error_code TKT_NYV,		"Ticket not yet valid"
+error_code REPEAT,		"Request is a replay"
+error_code NOT_US,		"The ticket isn't for us"
+error_code BADMATCH,		"Ticket/authenticator don't match"
+error_code SKEW,		"Clock skew too great"
+error_code BADADDR,		"Incorrect net address"
+error_code BADVERSION,		"Protocol version mismatch"
+error_code MSG_TYPE,		"Invalid message type"
+error_code MODIFIED,		"Message stream modified"
+error_code BADORDER,		"Message out of order"
+error_code ILL_CR_TKT,		"Illegal cross-realm ticket"
+error_code BADKEYVER,		"Key version is not available"
+error_code NOKEY,		"Service key not available"
+error_code MUT_FAIL,		"Mutual authentication failed"
+error_code BADDIRECTION,	"Incorrect message direction"
+error_code METHOD,		"Alternative authentication method required"
+error_code BADSEQ,		"Incorrect sequence number in message"
+error_code INAPP_CKSUM,		"Inappropriate type of checksum in message"
+
+# 51-59 are reserved
+index 60
+prefix KRB5KRB_ERR
+error_code GENERIC,		"Generic error (see e-text)"
+error_code FIELD_TOOLONG,	"Field is too long for this implementation"
+
+# 62-127 are reserved
+index 128
+prefix
+error_code KRB5_ERR_RCSID,	"$Id$"
+
+error_code KRB5_LIBOS_BADLOCKFLAG,	"Invalid flag for file lock mode"
+error_code KRB5_LIBOS_CANTREADPWD,	"Cannot read password"
+error_code KRB5_LIBOS_BADPWDMATCH,	"Password mismatch"
+error_code KRB5_LIBOS_PWDINTR,		"Password read interrupted"
+
+error_code KRB5_PARSE_ILLCHAR,		"Illegal character in component name"
+error_code KRB5_PARSE_MALFORMED,	"Malformed representation of principal"
+
+error_code KRB5_CONFIG_CANTOPEN,	"Can't open/find configuration file"
+error_code KRB5_CONFIG_BADFORMAT,	"Improper format of configuration file"
+error_code KRB5_CONFIG_NOTENUFSPACE,	"Insufficient space to return complete information"
+
+error_code KRB5_BADMSGTYPE,		"Invalid message type specified for encoding"
+
+error_code KRB5_CC_BADNAME,		"Credential cache name malformed"
+error_code KRB5_CC_UNKNOWN_TYPE,	"Unknown credential cache type" 
+error_code KRB5_CC_NOTFOUND,		"Matching credential not found"
+error_code KRB5_CC_END,			"End of credential cache reached"
+
+error_code KRB5_NO_TKT_SUPPLIED,	"Request did not supply a ticket"
+
+error_code KRB5KRB_AP_WRONG_PRINC,		"Wrong principal in request"
+error_code KRB5KRB_AP_ERR_TKT_INVALID,	"Ticket has invalid flag set"
+
+error_code KRB5_PRINC_NOMATCH,		"Requested principal and ticket don't match"
+error_code KRB5_KDCREP_MODIFIED,	"KDC reply did not match expectations"
+error_code KRB5_KDCREP_SKEW,		"Clock skew too great in KDC reply"
+error_code KRB5_IN_TKT_REALM_MISMATCH,	"Client/server realm mismatch in initial ticket request"
+
+error_code KRB5_PROG_ETYPE_NOSUPP,	"Program lacks support for encryption type"
+error_code KRB5_PROG_KEYTYPE_NOSUPP,	"Program lacks support for key type"
+error_code KRB5_WRONG_ETYPE,		"Requested encryption type not used in message"
+error_code KRB5_PROG_SUMTYPE_NOSUPP,	"Program lacks support for checksum type"
+
+error_code KRB5_REALM_UNKNOWN,		"Cannot find KDC for requested realm"
+error_code KRB5_SERVICE_UNKNOWN,	"Kerberos service unknown"
+error_code KRB5_KDC_UNREACH,		"Cannot contact any KDC for requested realm"
+error_code KRB5_NO_LOCALNAME,		"No local name found for principal name"
+
+error_code KRB5_MUTUAL_FAILED,		"Mutual authentication failed"
+
+# some of these should be combined/supplanted by system codes
+
+error_code KRB5_RC_TYPE_EXISTS,		"Replay cache type is already registered"
+error_code KRB5_RC_MALLOC,		"No more memory to allocate (in replay cache code)"
+error_code KRB5_RC_TYPE_NOTFOUND,	"Replay cache type is unknown"
+error_code KRB5_RC_UNKNOWN,		"Generic unknown RC error"
+error_code KRB5_RC_REPLAY,		"Message is a replay"
+error_code KRB5_RC_IO,			"Replay I/O operation failed XXX"
+error_code KRB5_RC_NOIO,		"Replay cache type does not support non-volatile storage"
+error_code KRB5_RC_PARSE,		"Replay cache name parse/format error"
+
+error_code KRB5_RC_IO_EOF,		"End-of-file on replay cache I/O"
+error_code KRB5_RC_IO_MALLOC,		"No more memory to allocate (in replay cache I/O code)"
+error_code KRB5_RC_IO_PERM,		"Permission denied in replay cache code"
+error_code KRB5_RC_IO_IO,		"I/O error in replay cache i/o code"
+error_code KRB5_RC_IO_UNKNOWN,		"Generic unknown RC/IO error"
+error_code KRB5_RC_IO_SPACE,		"Insufficient system space to store replay information"
+
+error_code KRB5_TRANS_CANTOPEN,		"Can't open/find realm translation file"
+error_code KRB5_TRANS_BADFORMAT,	"Improper format of realm translation file"
+
+error_code KRB5_LNAME_CANTOPEN,		"Can't open/find lname translation database"
+error_code KRB5_LNAME_NOTRANS,		"No translation available for requested principal"
+error_code KRB5_LNAME_BADFORMAT,	"Improper format of translation database entry"
+
+error_code KRB5_CRYPTO_INTERNAL,	"Cryptosystem internal error"
+
+error_code KRB5_KT_BADNAME,		"Key table name malformed"
+error_code KRB5_KT_UNKNOWN_TYPE,	"Unknown Key table type" 
+error_code KRB5_KT_NOTFOUND,		"Key table entry not found"
+error_code KRB5_KT_END,			"End of key table reached"
+error_code KRB5_KT_NOWRITE,		"Cannot write to specified key table"
+error_code KRB5_KT_IOERR,		"Error writing to key table"
+
+error_code KRB5_NO_TKT_IN_RLM,		"Cannot find ticket for requested realm"
+error_code KRB5DES_BAD_KEYPAR,		"DES key has bad parity"
+error_code KRB5DES_WEAK_KEY,		"DES key is a weak key"
+
+error_code KRB5_BAD_ENCTYPE,		"Bad encryption type"
+error_code KRB5_BAD_KEYSIZE,		"Key size is incompatible with encryption type"
+error_code KRB5_BAD_MSIZE,		"Message size is incompatible with encryption type"
+
+error_code KRB5_CC_TYPE_EXISTS,		"Credentials cache type is already registered."
+error_code KRB5_KT_TYPE_EXISTS,		"Key table type is already registered."
+
+error_code KRB5_CC_IO,			"Credentials cache I/O operation failed XXX"
+error_code KRB5_FCC_PERM,		"Credentials cache file permissions incorrect"
+error_code KRB5_FCC_NOFILE,		"No credentials cache file found"
+error_code KRB5_FCC_INTERNAL,		"Internal file credentials cache error"
+error_code KRB5_CC_WRITE,		"Error writing to credentials cache file"
+error_code KRB5_CC_NOMEM,		"No more memory to allocate (in credentials cache code)"
+error_code KRB5_CC_FORMAT,		"Bad format in credentials cache"
+
+# errors for dual tgt library calls
+error_code KRB5_INVALID_FLAGS,		"Invalid KDC option combination (library internal error)"
+error_code KRB5_NO_2ND_TKT,		"Request missing second ticket"
+
+error_code KRB5_NOCREDS_SUPPLIED,	"No credentials supplied to library routine"
+
+# errors for sendauth (and recvauth)
+
+error_code KRB5_SENDAUTH_BADAUTHVERS,	"Bad sendauth version was sent"
+error_code KRB5_SENDAUTH_BADAPPLVERS,	"Bad application version was sent (via sendauth)"
+error_code KRB5_SENDAUTH_BADRESPONSE,	"Bad response (during sendauth exchange)"
+error_code KRB5_SENDAUTH_REJECTED,	"Server rejected authentication (during sendauth exchange)"
+
+# errors for preauthentication
+
+error_code KRB5_PREAUTH_BAD_TYPE,	"Unsupported preauthentication type"
+error_code KRB5_PREAUTH_NO_KEY,		"Required preauthentication key not supplied"
+error_code KRB5_PREAUTH_FAILED,		"Generic preauthentication failure"
+
+# version number errors
+
+error_code KRB5_RCACHE_BADVNO,	"Unsupported replay cache format version number"
+error_code KRB5_CCACHE_BADVNO,	"Unsupported credentials cache format version number"
+error_code KRB5_KEYTAB_BADVNO,	"Unsupported key table format version number"
+
+#
+#
+
+error_code KRB5_PROG_ATYPE_NOSUPP,	"Program lacks support for address type"
+error_code KRB5_RC_REQUIRED,	"Message replay detection requires rcache parameter"
+error_code KRB5_ERR_BAD_HOSTNAME,	"Hostname cannot be canonicalized"
+error_code KRB5_ERR_HOST_REALM_UNKNOWN,	"Cannot determine realm for host"
+error_code KRB5_SNAME_UNSUPP_NAMETYPE,	"Conversion to service principal undefined for name type"
+
+error_code KRB5KRB_AP_ERR_V4_REPLY, "Initial Ticket response appears to be Version 4 error"
+error_code KRB5_REALM_CANT_RESOLVE,	"Cannot resolve KDC for requested realm"
+error_code KRB5_TKT_NOT_FORWARDABLE,	"Requesting ticket can't get forwardable tickets"
+error_code KRB5_FWD_BAD_PRINCIPAL, "Bad principal name while trying to forward credentials"
+
+error_code KRB5_GET_IN_TKT_LOOP,  "Looping detected inside krb5_get_in_tkt"
+error_code KRB5_CONFIG_NODEFREALM,	"Configuration file does not specify default realm"
+
+error_code KRB5_SAM_UNSUPPORTED,  "Bad SAM flags in obtain_sam_padata"
+error_code KRB5_KT_NAME_TOOLONG,	"Keytab name too long"
+
+end
diff --git a/lib/krb5/error/Makefile.am b/lib/krb5/error/Makefile.am
new file mode 100644
index 000000000..d8f8fe20b
--- /dev/null
+++ b/lib/krb5/error/Makefile.am
@@ -0,0 +1,12 @@
+# $Id$
+
+AUTOMAKE_OPTIONS = no-dependencies
+
+INCLUDES = -I$(top_builddir)/include -I$(srcdir)/.. -I$(srcdir)
+
+lib_LIBRARIES = error
+
+error_SOURCES = error.c krb5_err.c
+
+%.c: %.et
+	$(srcdir)/compile_et $<
diff --git a/lib/krb5/error/compile_et b/lib/krb5/error/compile_et
new file mode 100755
index 000000000..262e8a80a
--- /dev/null
+++ b/lib/krb5/error/compile_et
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+file=`dirname $0`/compile_et.awk
+
+if [ ! -f $file ]; then
+	echo "compile_et: File not found: $file"
+	exit 1
+fi
+
+awk -f $file $1
diff --git a/lib/krb5/error/compile_et.awk b/lib/krb5/error/compile_et.awk
new file mode 100644
index 000000000..ab45504c0
--- /dev/null
+++ b/lib/krb5/error/compile_et.awk
@@ -0,0 +1,88 @@
+#
+# $Id$
+#
+
+$1 == "error_table" {
+	name = $2
+	base = 0
+	for(i = 1; i <= 4; i++){
+		base = base * 64 + index("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_", substr(name, i, 1))
+	}
+	base *= 256
+	if(base >= 2147483648){ # 0x80000000
+		base = -(4294967295 - base + 1) # 0xffffffff
+	}
+	sub("\\..*$", "", name)
+	c_file = name "_err.c"
+	h_file = name "_err.h"
+	number = 0
+	print "/* Generated from " FILENAME " */" > c_file
+	print "#include <krb5_locl.h>" > c_file
+	print "#include <krb5_error.h>" > c_file
+#	print "#include \"" h_file "\"\n" > c_file
+	print "" > c_file
+	print "static const char *text[] = {" > c_file
+
+	print "/* Generated from " FILENAME " */" > h_file
+	print "#include <krb5_error.h>" > h_file
+	print "" > h_file
+	print "void initialize_" name "_error_table(struct error_list**);" > h_file
+	print "" > h_file
+	print "enum " name "_error_number{" > h_file
+	print "\tERROR_TABLE_BASE_" name " = " base "," > h_file
+	next
+}
+
+function end_file(c_file, h_file){
+	print "\tNULL" > c_file
+	print "};" > c_file
+	print "" > c_file
+	print "static struct error_table et = { text, " base ", " number " };" > c_file
+	print "static struct error_list " name "_link = { 0, 0 };" > c_file
+
+	print "void initialize_" name "_error_table (struct error_list **list) {" > c_file
+	print "\tif (!" name "_link.table) {" > c_file
+        print "\t\t" name "_link.next = *list;" > c_file
+	print "\t\t" name "_link.table = &et;" > c_file
+	print "\t\t*list = &" name "_link;" > c_file
+	print "\t}" > c_file
+	print "}" > c_file
+	close(c_file)
+	print "};" > h_file
+	close(h_file)
+}
+
+function print_line(name, string, value) {
+	printf("\t%s = %d,\n", name, value + base) > h_file
+	printf("\t/* %3d */ %s,\n", value, string) > c_file
+}
+
+$1 == "index" {
+	newnumber = $2
+	for(; number < newnumber; number++)
+		print_line(toupper(name)"_ERROR_" number, 
+				"\"Reserved error number " number "\"", number)
+	next
+}
+$1 == "prefix" {
+	prefix = $2
+	if(prefix != "")
+		prefix = prefix "_"
+	next
+}
+
+$1 == "error_code" {
+	code = $0
+	sub("error_code[ \t]+", "", code)
+	sub(",.*", "", code)
+	code = prefix code
+	string = $0
+	sub("[^,]*,", "", string)
+	sub("[ \t]*", "", string)
+	print_line(code, string, number)
+	number++;
+	next
+}
+END {
+	end_file(c_file, h_file)
+}
diff --git a/lib/krb5/error/error.c b/lib/krb5/error/error.c
new file mode 100644
index 000000000..683a181fc
--- /dev/null
+++ b/lib/krb5/error/error.c
@@ -0,0 +1,28 @@
+#include "krb5_locl.h"
+#include <krb5_error.h>
+
+RCSID("$Id$");
+
+const char *
+krb5_get_err_text(krb5_context context, long code)
+{
+    struct error_list *p;
+    for(p = context->et_list; p; p = p->next){
+	if(code >= p->table->base && code < p->table->base + p->table->n_msgs)
+	    return p->table->msgs[code - p->table->base];
+    }
+    return "Error message not found";
+}
+
+void
+krb5_init_ets(krb5_context context)
+{
+    if(context->et_list == NULL){
+	initialize_krb5_error_table(&context->et_list);
+#if 0
+	initialize_kv5m_error_table(&context->et_list);
+	initialize_kdb5_error_table(&context->et_list);
+	initialize_asn1_error_table(&context->et_list);
+#endif
+    }
+}
diff --git a/lib/krb5/error/krb5_err.et b/lib/krb5/error/krb5_err.et
new file mode 100644
index 000000000..e33857e2f
--- /dev/null
+++ b/lib/krb5/error/krb5_err.et
@@ -0,0 +1,213 @@
+#
+# Error messages for the krb5 library
+#
+# This might look like a com_err file, but it not
+#
+# $Id$
+
+error_table krb5
+
+prefix KRB5KDC_ERR
+error_code NONE,		"No error"
+error_code NAME_EXP,		"Client's entry in database has expired"
+error_code SERVICE_EXP,		"Server's entry in database has expired"
+error_code BAD_PVNO,		"Requested protocol version not supported"
+error_code C_OLD_MAST_KVNO,	"Client's key is encrypted in an old master key"
+error_code S_OLD_MAST_KVNO,	"Server's key is encrypted in an old master key"
+error_code C_PRINCIPAL_UNKNOWN,	"Client not found in Kerberos database"
+error_code S_PRINCIPAL_UNKNOWN,	"Server not found in Kerberos database"
+error_code PRINCIPAL_NOT_UNIQUE,"Principal has multiple entries in Kerberos database"
+error_code NULL_KEY,		"Client or server has a null key"
+error_code CANNOT_POSTDATE,	"Ticket is ineligible for postdating"
+error_code NEVER_VALID,		"Requested effective lifetime is negative or too short"
+error_code POLICY,		"KDC policy rejects request"
+error_code BADOPTION,		"KDC can't fulfill requested option"
+error_code ETYPE_NOSUPP,	"KDC has no support for encryption type"
+error_code SUMTYPE_NOSUPP,	"KDC has no support for checksum type"
+error_code PADATA_TYPE_NOSUPP,	"KDC has no support for padata type"
+error_code TRTYPE_NOSUPP,	"KDC has no support for transited type"
+error_code CLIENT_REVOKED,	"Clients credentials have been revoked"
+error_code SERVICE_REVOKED,	"Credentials for server have been revoked"
+error_code TGT_REVOKED,		"TGT has been revoked"
+error_code CLIENT_NOTYET,	"Client not yet valid - try again later"
+error_code SERVICE_NOTYET,	"Server not yet valid - try again later"
+error_code KEY_EXP,		"Password has expired"
+error_code PREAUTH_FAILED,	"Preauthentication failed"
+error_code PREAUTH_REQUIRED,	"Additional pre-authentication required"
+error_code SERVER_NOMATCH,	"Requested server and ticket don't match"
+
+# 27-30 are reserved
+index 31
+prefix KRB5KRB_AP_ERR
+error_code BAD_INTEGRITY,	"Decrypt integrity check failed"
+error_code TKT_EXPIRED,		"Ticket expired"
+error_code TKT_NYV,		"Ticket not yet valid"
+error_code REPEAT,		"Request is a replay"
+error_code NOT_US,		"The ticket isn't for us"
+error_code BADMATCH,		"Ticket/authenticator don't match"
+error_code SKEW,		"Clock skew too great"
+error_code BADADDR,		"Incorrect net address"
+error_code BADVERSION,		"Protocol version mismatch"
+error_code MSG_TYPE,		"Invalid message type"
+error_code MODIFIED,		"Message stream modified"
+error_code BADORDER,		"Message out of order"
+error_code ILL_CR_TKT,		"Illegal cross-realm ticket"
+error_code BADKEYVER,		"Key version is not available"
+error_code NOKEY,		"Service key not available"
+error_code MUT_FAIL,		"Mutual authentication failed"
+error_code BADDIRECTION,	"Incorrect message direction"
+error_code METHOD,		"Alternative authentication method required"
+error_code BADSEQ,		"Incorrect sequence number in message"
+error_code INAPP_CKSUM,		"Inappropriate type of checksum in message"
+
+# 51-59 are reserved
+index 60
+prefix KRB5KRB_ERR
+error_code GENERIC,		"Generic error (see e-text)"
+error_code FIELD_TOOLONG,	"Field is too long for this implementation"
+
+# 62-127 are reserved
+index 128
+prefix
+error_code KRB5_ERR_RCSID,	"$Id$"
+
+error_code KRB5_LIBOS_BADLOCKFLAG,	"Invalid flag for file lock mode"
+error_code KRB5_LIBOS_CANTREADPWD,	"Cannot read password"
+error_code KRB5_LIBOS_BADPWDMATCH,	"Password mismatch"
+error_code KRB5_LIBOS_PWDINTR,		"Password read interrupted"
+
+error_code KRB5_PARSE_ILLCHAR,		"Illegal character in component name"
+error_code KRB5_PARSE_MALFORMED,	"Malformed representation of principal"
+
+error_code KRB5_CONFIG_CANTOPEN,	"Can't open/find configuration file"
+error_code KRB5_CONFIG_BADFORMAT,	"Improper format of configuration file"
+error_code KRB5_CONFIG_NOTENUFSPACE,	"Insufficient space to return complete information"
+
+error_code KRB5_BADMSGTYPE,		"Invalid message type specified for encoding"
+
+error_code KRB5_CC_BADNAME,		"Credential cache name malformed"
+error_code KRB5_CC_UNKNOWN_TYPE,	"Unknown credential cache type" 
+error_code KRB5_CC_NOTFOUND,		"Matching credential not found"
+error_code KRB5_CC_END,			"End of credential cache reached"
+
+error_code KRB5_NO_TKT_SUPPLIED,	"Request did not supply a ticket"
+
+error_code KRB5KRB_AP_WRONG_PRINC,		"Wrong principal in request"
+error_code KRB5KRB_AP_ERR_TKT_INVALID,	"Ticket has invalid flag set"
+
+error_code KRB5_PRINC_NOMATCH,		"Requested principal and ticket don't match"
+error_code KRB5_KDCREP_MODIFIED,	"KDC reply did not match expectations"
+error_code KRB5_KDCREP_SKEW,		"Clock skew too great in KDC reply"
+error_code KRB5_IN_TKT_REALM_MISMATCH,	"Client/server realm mismatch in initial ticket request"
+
+error_code KRB5_PROG_ETYPE_NOSUPP,	"Program lacks support for encryption type"
+error_code KRB5_PROG_KEYTYPE_NOSUPP,	"Program lacks support for key type"
+error_code KRB5_WRONG_ETYPE,		"Requested encryption type not used in message"
+error_code KRB5_PROG_SUMTYPE_NOSUPP,	"Program lacks support for checksum type"
+
+error_code KRB5_REALM_UNKNOWN,		"Cannot find KDC for requested realm"
+error_code KRB5_SERVICE_UNKNOWN,	"Kerberos service unknown"
+error_code KRB5_KDC_UNREACH,		"Cannot contact any KDC for requested realm"
+error_code KRB5_NO_LOCALNAME,		"No local name found for principal name"
+
+error_code KRB5_MUTUAL_FAILED,		"Mutual authentication failed"
+
+# some of these should be combined/supplanted by system codes
+
+error_code KRB5_RC_TYPE_EXISTS,		"Replay cache type is already registered"
+error_code KRB5_RC_MALLOC,		"No more memory to allocate (in replay cache code)"
+error_code KRB5_RC_TYPE_NOTFOUND,	"Replay cache type is unknown"
+error_code KRB5_RC_UNKNOWN,		"Generic unknown RC error"
+error_code KRB5_RC_REPLAY,		"Message is a replay"
+error_code KRB5_RC_IO,			"Replay I/O operation failed XXX"
+error_code KRB5_RC_NOIO,		"Replay cache type does not support non-volatile storage"
+error_code KRB5_RC_PARSE,		"Replay cache name parse/format error"
+
+error_code KRB5_RC_IO_EOF,		"End-of-file on replay cache I/O"
+error_code KRB5_RC_IO_MALLOC,		"No more memory to allocate (in replay cache I/O code)"
+error_code KRB5_RC_IO_PERM,		"Permission denied in replay cache code"
+error_code KRB5_RC_IO_IO,		"I/O error in replay cache i/o code"
+error_code KRB5_RC_IO_UNKNOWN,		"Generic unknown RC/IO error"
+error_code KRB5_RC_IO_SPACE,		"Insufficient system space to store replay information"
+
+error_code KRB5_TRANS_CANTOPEN,		"Can't open/find realm translation file"
+error_code KRB5_TRANS_BADFORMAT,	"Improper format of realm translation file"
+
+error_code KRB5_LNAME_CANTOPEN,		"Can't open/find lname translation database"
+error_code KRB5_LNAME_NOTRANS,		"No translation available for requested principal"
+error_code KRB5_LNAME_BADFORMAT,	"Improper format of translation database entry"
+
+error_code KRB5_CRYPTO_INTERNAL,	"Cryptosystem internal error"
+
+error_code KRB5_KT_BADNAME,		"Key table name malformed"
+error_code KRB5_KT_UNKNOWN_TYPE,	"Unknown Key table type" 
+error_code KRB5_KT_NOTFOUND,		"Key table entry not found"
+error_code KRB5_KT_END,			"End of key table reached"
+error_code KRB5_KT_NOWRITE,		"Cannot write to specified key table"
+error_code KRB5_KT_IOERR,		"Error writing to key table"
+
+error_code KRB5_NO_TKT_IN_RLM,		"Cannot find ticket for requested realm"
+error_code KRB5DES_BAD_KEYPAR,		"DES key has bad parity"
+error_code KRB5DES_WEAK_KEY,		"DES key is a weak key"
+
+error_code KRB5_BAD_ENCTYPE,		"Bad encryption type"
+error_code KRB5_BAD_KEYSIZE,		"Key size is incompatible with encryption type"
+error_code KRB5_BAD_MSIZE,		"Message size is incompatible with encryption type"
+
+error_code KRB5_CC_TYPE_EXISTS,		"Credentials cache type is already registered."
+error_code KRB5_KT_TYPE_EXISTS,		"Key table type is already registered."
+
+error_code KRB5_CC_IO,			"Credentials cache I/O operation failed XXX"
+error_code KRB5_FCC_PERM,		"Credentials cache file permissions incorrect"
+error_code KRB5_FCC_NOFILE,		"No credentials cache file found"
+error_code KRB5_FCC_INTERNAL,		"Internal file credentials cache error"
+error_code KRB5_CC_WRITE,		"Error writing to credentials cache file"
+error_code KRB5_CC_NOMEM,		"No more memory to allocate (in credentials cache code)"
+error_code KRB5_CC_FORMAT,		"Bad format in credentials cache"
+
+# errors for dual tgt library calls
+error_code KRB5_INVALID_FLAGS,		"Invalid KDC option combination (library internal error)"
+error_code KRB5_NO_2ND_TKT,		"Request missing second ticket"
+
+error_code KRB5_NOCREDS_SUPPLIED,	"No credentials supplied to library routine"
+
+# errors for sendauth (and recvauth)
+
+error_code KRB5_SENDAUTH_BADAUTHVERS,	"Bad sendauth version was sent"
+error_code KRB5_SENDAUTH_BADAPPLVERS,	"Bad application version was sent (via sendauth)"
+error_code KRB5_SENDAUTH_BADRESPONSE,	"Bad response (during sendauth exchange)"
+error_code KRB5_SENDAUTH_REJECTED,	"Server rejected authentication (during sendauth exchange)"
+
+# errors for preauthentication
+
+error_code KRB5_PREAUTH_BAD_TYPE,	"Unsupported preauthentication type"
+error_code KRB5_PREAUTH_NO_KEY,		"Required preauthentication key not supplied"
+error_code KRB5_PREAUTH_FAILED,		"Generic preauthentication failure"
+
+# version number errors
+
+error_code KRB5_RCACHE_BADVNO,	"Unsupported replay cache format version number"
+error_code KRB5_CCACHE_BADVNO,	"Unsupported credentials cache format version number"
+error_code KRB5_KEYTAB_BADVNO,	"Unsupported key table format version number"
+
+#
+#
+
+error_code KRB5_PROG_ATYPE_NOSUPP,	"Program lacks support for address type"
+error_code KRB5_RC_REQUIRED,	"Message replay detection requires rcache parameter"
+error_code KRB5_ERR_BAD_HOSTNAME,	"Hostname cannot be canonicalized"
+error_code KRB5_ERR_HOST_REALM_UNKNOWN,	"Cannot determine realm for host"
+error_code KRB5_SNAME_UNSUPP_NAMETYPE,	"Conversion to service principal undefined for name type"
+
+error_code KRB5KRB_AP_ERR_V4_REPLY, "Initial Ticket response appears to be Version 4 error"
+error_code KRB5_REALM_CANT_RESOLVE,	"Cannot resolve KDC for requested realm"
+error_code KRB5_TKT_NOT_FORWARDABLE,	"Requesting ticket can't get forwardable tickets"
+error_code KRB5_FWD_BAD_PRINCIPAL, "Bad principal name while trying to forward credentials"
+
+error_code KRB5_GET_IN_TKT_LOOP,  "Looping detected inside krb5_get_in_tkt"
+error_code KRB5_CONFIG_NODEFREALM,	"Configuration file does not specify default realm"
+
+error_code KRB5_SAM_UNSUPPORTED,  "Bad SAM flags in obtain_sam_padata"
+error_code KRB5_KT_NAME_TOOLONG,	"Keytab name too long"
+
+end
diff --git a/lib/krb5/error/krb5_error.h b/lib/krb5/error/krb5_error.h
new file mode 100644
index 000000000..954a41a5f
--- /dev/null
+++ b/lib/krb5/error/krb5_error.h
@@ -0,0 +1,21 @@
+/*
+ * $Id$
+ */
+
+#ifndef __KRB5_ERROR_H__
+#define __KRB5_ERROR_H__
+
+struct error_table {
+    char const * const * msgs;
+    long base;
+    int n_msgs;
+};
+
+struct error_list {
+    struct error_list *next;
+    const struct error_table * table;
+};
+
+const char *krb5_get_err_text(krb5_context context, long code);
+
+#endif /* __KRB5_ERROR_H__ */
diff --git a/lib/krb5/krb5_err.et b/lib/krb5/krb5_err.et
new file mode 100644
index 000000000..e33857e2f
--- /dev/null
+++ b/lib/krb5/krb5_err.et
@@ -0,0 +1,213 @@
+#
+# Error messages for the krb5 library
+#
+# This might look like a com_err file, but it not
+#
+# $Id$
+
+error_table krb5
+
+prefix KRB5KDC_ERR
+error_code NONE,		"No error"
+error_code NAME_EXP,		"Client's entry in database has expired"
+error_code SERVICE_EXP,		"Server's entry in database has expired"
+error_code BAD_PVNO,		"Requested protocol version not supported"
+error_code C_OLD_MAST_KVNO,	"Client's key is encrypted in an old master key"
+error_code S_OLD_MAST_KVNO,	"Server's key is encrypted in an old master key"
+error_code C_PRINCIPAL_UNKNOWN,	"Client not found in Kerberos database"
+error_code S_PRINCIPAL_UNKNOWN,	"Server not found in Kerberos database"
+error_code PRINCIPAL_NOT_UNIQUE,"Principal has multiple entries in Kerberos database"
+error_code NULL_KEY,		"Client or server has a null key"
+error_code CANNOT_POSTDATE,	"Ticket is ineligible for postdating"
+error_code NEVER_VALID,		"Requested effective lifetime is negative or too short"
+error_code POLICY,		"KDC policy rejects request"
+error_code BADOPTION,		"KDC can't fulfill requested option"
+error_code ETYPE_NOSUPP,	"KDC has no support for encryption type"
+error_code SUMTYPE_NOSUPP,	"KDC has no support for checksum type"
+error_code PADATA_TYPE_NOSUPP,	"KDC has no support for padata type"
+error_code TRTYPE_NOSUPP,	"KDC has no support for transited type"
+error_code CLIENT_REVOKED,	"Clients credentials have been revoked"
+error_code SERVICE_REVOKED,	"Credentials for server have been revoked"
+error_code TGT_REVOKED,		"TGT has been revoked"
+error_code CLIENT_NOTYET,	"Client not yet valid - try again later"
+error_code SERVICE_NOTYET,	"Server not yet valid - try again later"
+error_code KEY_EXP,		"Password has expired"
+error_code PREAUTH_FAILED,	"Preauthentication failed"
+error_code PREAUTH_REQUIRED,	"Additional pre-authentication required"
+error_code SERVER_NOMATCH,	"Requested server and ticket don't match"
+
+# 27-30 are reserved
+index 31
+prefix KRB5KRB_AP_ERR
+error_code BAD_INTEGRITY,	"Decrypt integrity check failed"
+error_code TKT_EXPIRED,		"Ticket expired"
+error_code TKT_NYV,		"Ticket not yet valid"
+error_code REPEAT,		"Request is a replay"
+error_code NOT_US,		"The ticket isn't for us"
+error_code BADMATCH,		"Ticket/authenticator don't match"
+error_code SKEW,		"Clock skew too great"
+error_code BADADDR,		"Incorrect net address"
+error_code BADVERSION,		"Protocol version mismatch"
+error_code MSG_TYPE,		"Invalid message type"
+error_code MODIFIED,		"Message stream modified"
+error_code BADORDER,		"Message out of order"
+error_code ILL_CR_TKT,		"Illegal cross-realm ticket"
+error_code BADKEYVER,		"Key version is not available"
+error_code NOKEY,		"Service key not available"
+error_code MUT_FAIL,		"Mutual authentication failed"
+error_code BADDIRECTION,	"Incorrect message direction"
+error_code METHOD,		"Alternative authentication method required"
+error_code BADSEQ,		"Incorrect sequence number in message"
+error_code INAPP_CKSUM,		"Inappropriate type of checksum in message"
+
+# 51-59 are reserved
+index 60
+prefix KRB5KRB_ERR
+error_code GENERIC,		"Generic error (see e-text)"
+error_code FIELD_TOOLONG,	"Field is too long for this implementation"
+
+# 62-127 are reserved
+index 128
+prefix
+error_code KRB5_ERR_RCSID,	"$Id$"
+
+error_code KRB5_LIBOS_BADLOCKFLAG,	"Invalid flag for file lock mode"
+error_code KRB5_LIBOS_CANTREADPWD,	"Cannot read password"
+error_code KRB5_LIBOS_BADPWDMATCH,	"Password mismatch"
+error_code KRB5_LIBOS_PWDINTR,		"Password read interrupted"
+
+error_code KRB5_PARSE_ILLCHAR,		"Illegal character in component name"
+error_code KRB5_PARSE_MALFORMED,	"Malformed representation of principal"
+
+error_code KRB5_CONFIG_CANTOPEN,	"Can't open/find configuration file"
+error_code KRB5_CONFIG_BADFORMAT,	"Improper format of configuration file"
+error_code KRB5_CONFIG_NOTENUFSPACE,	"Insufficient space to return complete information"
+
+error_code KRB5_BADMSGTYPE,		"Invalid message type specified for encoding"
+
+error_code KRB5_CC_BADNAME,		"Credential cache name malformed"
+error_code KRB5_CC_UNKNOWN_TYPE,	"Unknown credential cache type" 
+error_code KRB5_CC_NOTFOUND,		"Matching credential not found"
+error_code KRB5_CC_END,			"End of credential cache reached"
+
+error_code KRB5_NO_TKT_SUPPLIED,	"Request did not supply a ticket"
+
+error_code KRB5KRB_AP_WRONG_PRINC,		"Wrong principal in request"
+error_code KRB5KRB_AP_ERR_TKT_INVALID,	"Ticket has invalid flag set"
+
+error_code KRB5_PRINC_NOMATCH,		"Requested principal and ticket don't match"
+error_code KRB5_KDCREP_MODIFIED,	"KDC reply did not match expectations"
+error_code KRB5_KDCREP_SKEW,		"Clock skew too great in KDC reply"
+error_code KRB5_IN_TKT_REALM_MISMATCH,	"Client/server realm mismatch in initial ticket request"
+
+error_code KRB5_PROG_ETYPE_NOSUPP,	"Program lacks support for encryption type"
+error_code KRB5_PROG_KEYTYPE_NOSUPP,	"Program lacks support for key type"
+error_code KRB5_WRONG_ETYPE,		"Requested encryption type not used in message"
+error_code KRB5_PROG_SUMTYPE_NOSUPP,	"Program lacks support for checksum type"
+
+error_code KRB5_REALM_UNKNOWN,		"Cannot find KDC for requested realm"
+error_code KRB5_SERVICE_UNKNOWN,	"Kerberos service unknown"
+error_code KRB5_KDC_UNREACH,		"Cannot contact any KDC for requested realm"
+error_code KRB5_NO_LOCALNAME,		"No local name found for principal name"
+
+error_code KRB5_MUTUAL_FAILED,		"Mutual authentication failed"
+
+# some of these should be combined/supplanted by system codes
+
+error_code KRB5_RC_TYPE_EXISTS,		"Replay cache type is already registered"
+error_code KRB5_RC_MALLOC,		"No more memory to allocate (in replay cache code)"
+error_code KRB5_RC_TYPE_NOTFOUND,	"Replay cache type is unknown"
+error_code KRB5_RC_UNKNOWN,		"Generic unknown RC error"
+error_code KRB5_RC_REPLAY,		"Message is a replay"
+error_code KRB5_RC_IO,			"Replay I/O operation failed XXX"
+error_code KRB5_RC_NOIO,		"Replay cache type does not support non-volatile storage"
+error_code KRB5_RC_PARSE,		"Replay cache name parse/format error"
+
+error_code KRB5_RC_IO_EOF,		"End-of-file on replay cache I/O"
+error_code KRB5_RC_IO_MALLOC,		"No more memory to allocate (in replay cache I/O code)"
+error_code KRB5_RC_IO_PERM,		"Permission denied in replay cache code"
+error_code KRB5_RC_IO_IO,		"I/O error in replay cache i/o code"
+error_code KRB5_RC_IO_UNKNOWN,		"Generic unknown RC/IO error"
+error_code KRB5_RC_IO_SPACE,		"Insufficient system space to store replay information"
+
+error_code KRB5_TRANS_CANTOPEN,		"Can't open/find realm translation file"
+error_code KRB5_TRANS_BADFORMAT,	"Improper format of realm translation file"
+
+error_code KRB5_LNAME_CANTOPEN,		"Can't open/find lname translation database"
+error_code KRB5_LNAME_NOTRANS,		"No translation available for requested principal"
+error_code KRB5_LNAME_BADFORMAT,	"Improper format of translation database entry"
+
+error_code KRB5_CRYPTO_INTERNAL,	"Cryptosystem internal error"
+
+error_code KRB5_KT_BADNAME,		"Key table name malformed"
+error_code KRB5_KT_UNKNOWN_TYPE,	"Unknown Key table type" 
+error_code KRB5_KT_NOTFOUND,		"Key table entry not found"
+error_code KRB5_KT_END,			"End of key table reached"
+error_code KRB5_KT_NOWRITE,		"Cannot write to specified key table"
+error_code KRB5_KT_IOERR,		"Error writing to key table"
+
+error_code KRB5_NO_TKT_IN_RLM,		"Cannot find ticket for requested realm"
+error_code KRB5DES_BAD_KEYPAR,		"DES key has bad parity"
+error_code KRB5DES_WEAK_KEY,		"DES key is a weak key"
+
+error_code KRB5_BAD_ENCTYPE,		"Bad encryption type"
+error_code KRB5_BAD_KEYSIZE,		"Key size is incompatible with encryption type"
+error_code KRB5_BAD_MSIZE,		"Message size is incompatible with encryption type"
+
+error_code KRB5_CC_TYPE_EXISTS,		"Credentials cache type is already registered."
+error_code KRB5_KT_TYPE_EXISTS,		"Key table type is already registered."
+
+error_code KRB5_CC_IO,			"Credentials cache I/O operation failed XXX"
+error_code KRB5_FCC_PERM,		"Credentials cache file permissions incorrect"
+error_code KRB5_FCC_NOFILE,		"No credentials cache file found"
+error_code KRB5_FCC_INTERNAL,		"Internal file credentials cache error"
+error_code KRB5_CC_WRITE,		"Error writing to credentials cache file"
+error_code KRB5_CC_NOMEM,		"No more memory to allocate (in credentials cache code)"
+error_code KRB5_CC_FORMAT,		"Bad format in credentials cache"
+
+# errors for dual tgt library calls
+error_code KRB5_INVALID_FLAGS,		"Invalid KDC option combination (library internal error)"
+error_code KRB5_NO_2ND_TKT,		"Request missing second ticket"
+
+error_code KRB5_NOCREDS_SUPPLIED,	"No credentials supplied to library routine"
+
+# errors for sendauth (and recvauth)
+
+error_code KRB5_SENDAUTH_BADAUTHVERS,	"Bad sendauth version was sent"
+error_code KRB5_SENDAUTH_BADAPPLVERS,	"Bad application version was sent (via sendauth)"
+error_code KRB5_SENDAUTH_BADRESPONSE,	"Bad response (during sendauth exchange)"
+error_code KRB5_SENDAUTH_REJECTED,	"Server rejected authentication (during sendauth exchange)"
+
+# errors for preauthentication
+
+error_code KRB5_PREAUTH_BAD_TYPE,	"Unsupported preauthentication type"
+error_code KRB5_PREAUTH_NO_KEY,		"Required preauthentication key not supplied"
+error_code KRB5_PREAUTH_FAILED,		"Generic preauthentication failure"
+
+# version number errors
+
+error_code KRB5_RCACHE_BADVNO,	"Unsupported replay cache format version number"
+error_code KRB5_CCACHE_BADVNO,	"Unsupported credentials cache format version number"
+error_code KRB5_KEYTAB_BADVNO,	"Unsupported key table format version number"
+
+#
+#
+
+error_code KRB5_PROG_ATYPE_NOSUPP,	"Program lacks support for address type"
+error_code KRB5_RC_REQUIRED,	"Message replay detection requires rcache parameter"
+error_code KRB5_ERR_BAD_HOSTNAME,	"Hostname cannot be canonicalized"
+error_code KRB5_ERR_HOST_REALM_UNKNOWN,	"Cannot determine realm for host"
+error_code KRB5_SNAME_UNSUPP_NAMETYPE,	"Conversion to service principal undefined for name type"
+
+error_code KRB5KRB_AP_ERR_V4_REPLY, "Initial Ticket response appears to be Version 4 error"
+error_code KRB5_REALM_CANT_RESOLVE,	"Cannot resolve KDC for requested realm"
+error_code KRB5_TKT_NOT_FORWARDABLE,	"Requesting ticket can't get forwardable tickets"
+error_code KRB5_FWD_BAD_PRINCIPAL, "Bad principal name while trying to forward credentials"
+
+error_code KRB5_GET_IN_TKT_LOOP,  "Looping detected inside krb5_get_in_tkt"
+error_code KRB5_CONFIG_NODEFREALM,	"Configuration file does not specify default realm"
+
+error_code KRB5_SAM_UNSUPPORTED,  "Bad SAM flags in obtain_sam_padata"
+error_code KRB5_KT_NAME_TOOLONG,	"Keytab name too long"
+
+end