SUPPORT / SAMPLES & SAS NOTES
Problem Note 66935: Start-up of the CAS controller fails with the message "Kerberos failure in function krb5_verify_init_creds: Permission denied (0000000D)"
 |  |  |  |  |
Start-up of the SAS® Cloud Analytic Services (CAS) controller fails after you enable Kerberos authentication with constrained delegation. In the CAS log, you see messages that are similar to the following:
2020-08-17T15:29:15,901 INFO [00000004] MAIN NoUser MAIN [tkident.c:7129] - Kerberos is configured.
2020-08-17T15:29:15,909 INFO [00000004] MAIN NoUser MAIN [tkidentgss.c:1670] - Attempting to use keytab file: /etc/sascas.keytab.
2020-08-17T15:29:15,917 WARN [00000004] MAIN NoUser MAIN [tkidentgss.c:257] - Kerberos failure in function krb5_verify_init_creds: Permission denied (0000000D).
2020-08-17T15:29:15,917 ERROR [00000004] MAIN NoUser MAIN [tkidentgss.c:1797] - Failed to verify initial credentials using keytab /etc/sascas.keytab.
2020-08-17T15:29:15,909 INFO [00000004] MAIN NoUser MAIN [tkidentgss.c:1670] - Attempting to use keytab file: /etc/sascas.keytab.
2020-08-17T15:29:15,917 WARN [00000004] MAIN NoUser MAIN [tkidentgss.c:257] - Kerberos failure in function krb5_verify_init_creds: Permission denied (0000000D).
2020-08-17T15:29:15,917 ERROR [00000004] MAIN NoUser MAIN [tkidentgss.c:1797] - Failed to verify initial credentials using keytab /etc/sascas.keytab.
These messages appear when the VERIFY_AP_REQ_NOFAIL variable is set to true in the krb5.conf file.
The messages can also occur because you do not have the appropriate permissions for the /etc/sascas.keytab file.
Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Viya | Linux for x64 | 3.4 | 3.5 | Viya | Viya |