Problem Note 66935: Start-up of the CAS controller fails with the message "Kerberos failure in function krb5_verify_init_creds: Permission denied (0000000D)"
Start-up of the SAS® Cloud Analytic Services (CAS) controller fails after you enable Kerberos authentication with constrained delegation. In the CAS log, you see messages that are similar to the following:
2020-08-17T15:29:15,901 INFO [00000004] MAIN NoUser MAIN [tkident.c:7129] - Kerberos is configured.
2020-08-17T15:29:15,909 INFO [00000004] MAIN NoUser MAIN [tkidentgss.c:1670] - Attempting to use keytab file: /etc/sascas.keytab.
2020-08-17T15:29:15,917 WARN [00000004] MAIN NoUser MAIN [tkidentgss.c:257] - Kerberos failure in function krb5_verify_init_creds: Permission denied (0000000D).
2020-08-17T15:29:15,917 ERROR [00000004] MAIN NoUser MAIN [tkidentgss.c:1797] - Failed to verify initial credentials using keytab /etc/sascas.keytab.
These messages appear when the VERIFY_AP_REQ_NOFAIL variable is set to true in the krb5.conf file.
The messages can also occur because you do not have the appropriate permissions for the /etc/sascas.keytab file.
Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.
Operating System and Release Information
SAS System | SAS Viya | Linux for x64 | 3.4 | 3.5 | Viya | Viya |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
This issue occurs when the VERIFY_AP_REQ_NOFAIL variable is set to "true" in the krb5.conf file.
Type: | Problem Note |
Priority: | medium |
Date Modified: | 2020-11-18 13:36:53 |
Date Created: | 2020-11-16 03:23:54 |