Problem Note 66935: Start-up of the CAS controller fails with the message "Kerberos failure in function krb5_verify_init_creds: Permission denied (0000000D)"
 |  |  |  |  |
Start-up of the SAS® Cloud Analytic Services (CAS) controller fails after you enable Kerberos authentication with constrained delegation. In the CAS log, you see messages that are similar to the following:
2020-08-17T15:29:15,909 INFO [00000004] MAIN NoUser MAIN [tkidentgss.c:1670] - Attempting to use keytab file: /etc/sascas.keytab.
2020-08-17T15:29:15,917 WARN [00000004] MAIN NoUser MAIN [tkidentgss.c:257] - Kerberos failure in function krb5_verify_init_creds: Permission denied (0000000D).
2020-08-17T15:29:15,917 ERROR [00000004] MAIN NoUser MAIN [tkidentgss.c:1797] - Failed to verify initial credentials using keytab /etc/sascas.keytab.
These messages appear when the VERIFY_AP_REQ_NOFAIL variable is set to true in the krb5.conf file.
The messages can also occur because you do not have the appropriate permissions for the /etc/sascas.keytab file.
Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Viya | Linux for x64 | 3.4 | 3.5 | Viya | Viya |
Viya on Linux: An update for this issue is available for SAS Viya 3.5. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.5 for Linux Deployment Guide at
http://documentation.sas.com/?softwareId=administration&softwareVersion=3.5&softwareContextId=softwareUpdates| Type: | Problem Note |
| Priority: | medium |
| Date Modified: | 2020-11-18 13:36:53 |
| Date Created: | 2020-11-16 03:23:54 |