Wednesday, January 14, 2009
Kerberos Failure Codes

Better than reading RFC 1510 page 84, I found this web page.

I then decided to reformat and post here for my own easy reference.

 

| Failure code (decimal, then hex) | Kerberos RFC description | Notes on common failure codes |
|---|---|---|
| 1 0x1 | Client's entry in database has expired | |
| 2 0x2 | Server's entry in database has expired | |
| 3 0x3 | Requested protocol version # not supported | |
| 4 0x4 | Client's key encrypted in old master key | |
| 5 0x5 | Server's key encrypted in old master key | |
| 6 0x6 | Client not found in Kerberos database | Bad user name, or new computer/user account has not replicated to DC yet |
| 7 0x7 | Server not found in Kerberos database | New computer account has not replicated yet or computer is pre-w2k |
| 8 0x8 | Multiple principal entries in database | |
| 9 0x9 | The client or server has a null key | Administrator should reset the password on the account |
| 10 0xA | Ticket not eligible for postdating | |
| 11 0xB | Requested start time is later than end time | |
| 12 0xC | KDC policy rejects request | Workstation/logon time restriction |
| 13 0xD | KDC cannot accommodate requested option | |
| 14 0xE | KDC has no support for encryption type | |
| 15 0xF | KDC has no support for checksum type | |
| 16 0x10 | KDC has no support for padata type | |
| 17 0x11 | KDC has no support for transited type | |
| 18 0x12 | Clients credentials have been revoked | Account disabled, expired, or locked out. |
| 19 0x13 | Credentials for server have been revoked | |
| 20 0x14 | TGT has been revoked | |
| 21 0x15 | Client not yet valid - try again later | |
| 22 0x16 | Server not yet valid - try again later | |
| 23 0x17 | Password has expired | The user’s password has expired. |
| 24 0x18 | Pre-authentication information was invalid | Usually means bad password |
| 25 0x19 | Additional pre-authentication required* | |
| 31 0x1F | Integrity check on decrypted field failed | |
| 32 0x20 | Ticket expired | Frequently logged by computer accounts |
| 33 0x21 | Ticket not yet valid | |
| 34 0x22 | Request is a replay | |
| 35 0x23 | The ticket isn't for us | |
| 36 0x24 | Ticket and authenticator don't match | |
| 37 0x25 | Clock skew too great | Workstation’s clock too far out of sync with the DC’s |
| 38 0x26 | Incorrect net address | IP address change? |
| 39 0x27 | Protocol version mismatch | |
| 40 0x28 | Invalid msg type | |
| 41 0x29 | Message stream modified | |
| 42 0x2A | Message out of order | |
| 44 0x2C | Specified version of key is not available | |
| 45 0x2D | Service key not available | |
| 46 0x2E | Mutual authentication failed | May be a memory allocation failure |
| 47 0x2F | Incorrect message direction | |
| 48 0x30 | Alternative authentication method required* | |
| 49 0x31 | Incorrect sequence number in message | |
| 50 0x32 | Inappropriate type of checksum in message | |
| 60 0x3C | Generic error (description in e-text) | |
| 61 0x3D | Field is too long for this implementation | |

posted @ Wednesday, January 14, 2009 3:17 PM