Oracle, Kerberos and Cross Realm

R Howard rhoward102002 at yahoo.com
Fri Oct 25 12:19:14 EDT 2002


Not sure I should post this here but I figured I would
give it a shot (I also posted it on an Oracle mailing
list).

Has anyone tried this and gotten it to work (Cross
Realm):

Microsoft 2000 KDC (Realm A)
Third Party KDC (Realm B) on Solaris

Sqlnet client (on Microsoft XP) resides in Realm A.
Oracle server (on Solaris 8) resides in Realm B.  The
service principal for the Oracle server was created on
Realm B - it matches the service listed in the
tnsnames.ora file.  Oracle on the server is using the
Third Party KDC for its authentication.

A mapping was created on Realm A for the service in
Realm B.  The user will log onto the client machine
and authenticate using the Microsoft KDC (Realm A). 
But when they go to use Sqlplus they will need to
access the Oracle server in Realm B - the reason for
the mapping on Realm A.  Basically, we want the user
to be able to connect to the database without having
to reenter their userid and password.

I have tested connecting to the instance on the server
using a userid and password and that works fine.

I am new to using Oracle and trying to understand the
parameter settings for the client and server side
sqlnet.ora, tnsnames.ora and listener.ora files.  So I
am not quite sure that I have them setup correctly. 
So far I either get 'failed to retrieve credentials'
or 'authentication service not found' or 'service name
not found'.

Any hints or pointers would be appreciated.



__________________________________________________
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/



More information about the Kerberos mailing list