Usually applications never needs to parse and understand Kerberos error messages since higher level functions will parse and push up the error in the krb5_context. These functions are described for completeness.
krb5_rd_error() parses and returns the kerboeros error message, the structure should be freed with
krb5_free_error_contents() when the caller is done with the structure.
krb5_free_error() frees the content and the memory region holding the structure iself.
krb5_free_error_contents() free the content of the KRB-ERROR message.
krb5_error_from_rd_error() will parse the error message and set the error buffer in krb5_context to the error string passed back or the matching error code in the KRB-ERROR message. Caller should pick up the message with
krb5_get_error_string(
3) (don't forget to free the returned string with
krb5_free_error_string()).