Centrify DirectControl, Centrify Identity Service, Mac Edition, Centrify DirectAudit
KB-1418: SAP SSO failure with error "Permission denied in replay cache code"
Applies to: DirectControl for SAP running on IBM AIX 5.x, 6.1
After a restart of SAP, SNC initialization failed and SAP Single Sign-On stopped working. The following error is reported:
GSS-API(maj): Miscellaneous failure GSS-API(min): Permission denied in replay cache code
This error "Permission denied in replay cache code" is usually caused by a file permission (or file ownership) problem on the cache file. On AIX systems, the cache file is located at /var/krb5/security/creds/krb5cc_xxx, where the number xxx is the uid of the sap adm user.
1. Check the ownership and permissions of /etc/krb5/krb5.keytab. The sap adm account needs access to the keytab file.
2. Check the ownership and permissions of /var/krb5/security/creds/krb5cc_###, where ### is the uid of the sap adm user.
3. If the sap adm account has permission to access both files, try removing the cache file /var/krb5/security/creds/krb5cc_###. It will be created the next time the sap adm user logs in.
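The ownership and permission checks in steps 1 and 2 can be scripted. This is an added example, not Centrify tooling: the function name `check_access` is hypothetical, it assumes the account needs read access to the keytab and read/write access to the cache file, and it judges access from the owner/group/other mode bits only (no ACLs, no supplementary groups).

```shell
#!/bin/sh
# Added example (not Centrify code). Reports whether a uid/gid pair has the
# needed access to a file, judged from owner/group/other mode bits only.
# Assumptions: no ACLs, primary group only, uid is not root.

# check_access FILE UID GID NEED   (NEED is "r" or "rw")
# returns 0 = access ok, 1 = denied, 2 = file missing
check_access() {
    file=$1 uid=$2 gid=$3 need=$4
    [ -e "$file" ] || { echo "MISSING $file"; return 2; }
    # ls -n prints numeric ids: mode links uid gid size ...
    set -- $(ls -lnd "$file")
    mode=$1 fuid=$3 fgid=$4
    # Pick the one permission triplet that applies to this uid/gid.
    if [ "$uid" = "$fuid" ]; then
        bits=$(printf '%s' "$mode" | cut -c2-4)
    elif [ "$gid" = "$fgid" ]; then
        bits=$(printf '%s' "$mode" | cut -c5-7)
    else
        bits=$(printf '%s' "$mode" | cut -c8-10)
    fi
    status=OK
    case $need in
        *r*) case $bits in r*) ;; *) status=DENIED ;; esac ;;
    esac
    case $need in
        *w*) case $bits in ?w*) ;; *) status=DENIED ;; esac ;;
    esac
    echo "$status $file mode=$mode owner=$fuid group=$fgid (uid $uid needs $need)"
    [ "$status" = OK ]
}

# Usage: sh check_sso_files.sh UID GID   (numeric ids of the sap adm user)
if [ $# -ge 2 ]; then
    check_access /etc/krb5/krb5.keytab "$1" "$2" r
    check_access "/var/krb5/security/creds/krb5cc_$1" "$1" "$2" rw
fi
```

A DENIED line shows the file's current mode and numeric owner, which is what needs correcting before retrying SNC initialization.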