Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Some security packages support extended error messages that allow the sides of a communication link to communicate any reasons for a failure. For example, the Kerberos protocol could fail because of a time discrepancy between the time of request for a Kerberos ticket and the ticket's time of issue. With information from returned extended error information, a client can resynchronize its clock and generate a new connection message.
A security package setting the SECPKG_FLAG_EXTENDED_ERROR flag in the fCapabilities member of a SecPkgInfo structure indicates that the security package supports extended error messages.
Client applications requiring extended error messages specify the ISC_REQ_EXTENDED_ERROR flag when calling the InitializeSecurityContext (General) function. Server applications requiring extended error messages set the ASC_REQ_EXTENDED_ERROR flag when calling AcceptSecurityContext (General).