"Permission denied in replay cache code" with SAP on Linux

Tim Alsop Tim.Alsop at CyberSafe.Ltd.UK
Mon Feb 21 06:10:52 EST 2005


Yes, we know our competition as there are many SAP SNC certified products listed, some still available, some not - the others available, are not using Kerberos, but use Public Key, or a propriatory technology.

I suggest you need to read the license agreement which is shipped with MIT sources - it explains the "support" which is/isn't offered.

I don't think the MIT mailing list is appropriate to have this type of discussion - it is a technical discussion list, not for discussions about pros/cons of "open source" v "COTS" software. So, if you want to discuss this further I suggest we chat offlist.

Regards, Tim 

-----Original Message-----
From: Barbat, Calin [mailto:c.barbat at osram.de] 
Sent: 21 February 2005 11:05
To: Tim Alsop
Cc: kerberos at mit.edu
Subject: AW: "Permission denied in replay cache code" with SAP on Linux

Hello Mr. Alsop,

Thank you for the reminder, perhaps I'll come back to your offer. But don't rely on this affirmation, as there are other "commercially supported, and SAP AG certified" alternatives to your product. I assume you know your competition. 

Best regards and have a nice day,


PS: I don't think MIT Kerberos V is unsupported, this is why these mailing lists are there and you can also get (and look at) the code. I'll let a copy of this message go to the Kerberos mailing list, others could have similar views/opinions and may be interested in your commercial, targeted offer.

-----Ursprüngliche Nachricht-----
Von: Tim Alsop [mailto:Tim.Alsop at CyberSafe.Ltd.UK]
Gesendet: Montag, 21. Februar 2005 11:38
An: Barbat, Calin
Cc: Tim Alsop
Betreff: RE: "Permission denied in replay cache code" with SAP on Linux

One of the disadvantages of using unsupported code, I guess :-) When you are ready to consider our commercially supported, and SAP AG certified product please let me know.

Take care,


-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf Of Barbat, Calin
Sent: 21 February 2005 10:33
To: kerberos at mit.edu
Subject: "Permission denied in replay cache code" with SAP on Linux

Hello friends,

after a while of running without problems I get the following trace from a SAP R/3 dialogue instance:

N    File "/usr/local/lib/snckrb5.so" dynamically loaded as SNC-Adapter.
N    The Adapter identifies as:
N    External SNC-Adapter (Rev 1.0) to Kerberos 5/GSS-API v2
N  SncInit():   found snc/identity/as=p:service at DOMAIN.COM
N  *** ERROR => SncPAcquireCred()==SNCERR_GSSAPI  [sncxxall.c 1216]
N        GSS-API(maj): Miscellaneous failure
N        GSS-API(min): Permission denied in replay cache code
N      Could't acquire ACCEPTING credentials for
N      name="p:service at DOMAIN.COM"
N  SncInit(): Fatal -- Accepting Credentials not available!
N  <<- SncInit()==SNCERR_GSSAPI
N           sec_avail = "false"
M  ***LOG R19=> ThSncInit, SncInit ( SNC-000004) [thxxsnc.c    219]
M  *** ERROR => ThSncInit: SncInit (SNCERR_GSSAPI) [thxxsnc.c    221]
M  in_ThErrHandle: 1
M  *** ERROR => SncInit (step 1, th_errno 44, action 3) [thxxhead.c 8015]

It seems to me that this message is Kerberos-related, has somebody any useful hint for me?
The main SAP instance is running on Solaris and some dialogue instances are on Linux.
Best regards,


Kerberos mailing list           Kerberos at mit.edu

More information about the Kerberos mailing list