Hi, attached is a patch that implements basic exception handling in pykerberos GSS path. This way we can get more information about the what actually failed (current pykerberos only knows success or AUTH_FAILED). I'm posting this here for comments: Things I'm unsure about are: * how should the exception format look like? Currently I've chosen: (errmsg_maj, errcode_maj)(errmsg_min, errcode_min) so code like: try: rc = kerberos.authGSSClientStep(vc, ""); except kerberos.KrbError, a: print a gives: (('Miscellaneous failure', 851968), ('No credentials cache found', -1765328189)) or in the case the exception is unhandled: KrbError: (('Miscellaneous failure', 851968), ('Permission denied', 13)) Should we better choose different exception classes for every type of problem (modeled after the error conditions listed in gssapi.h) - looks like overkill to me - we can add functions to analyze the error code in more detail at any later stage since we pass both major and minor code up to the application. * What exception classes do we want. What about: KrbError as base class KrbBasicAuthError(KrbError): exceptions in the basic auch module KrbGssAuthError(krbError): excpetions in the GSS module I'd be happy about any comments on this. Cheers, -- Guido