Oracle Advanced Security Option and Kerberos
Douglas E. Engert
deengert at anl.gov
Fri Feb 24 15:57:52 EST 2006
Rodney M Dyer wrote:
> At 11:15 AM 2/24/2006, Douglas E. Engert wrote:
>
>>I am looking for other Kerberos sites that use Oracle with or without the ASO
>>who would like to see the ASO improved. I would also be interested to know if
>>you have approached Oracle on improvements, and what was their response.
>
>
> We've been using Kerberized Oracle for over a year now without problems,
> although we did have some initial problems getting everything working,
> specifically the KRB5CCNAME issue you mentioned,
How did you get around it? As a test, converting from FILE:/tmp/...
to FILE://tmp/... worked, as it would strip FILE:/ from the variable to
get the file name. Unix will treat //tmp/... and /tmp/... as the same.
> and not being able to use MITs kinit.
It appeared to work for me using 10g. And forward tickets via ssh
with gssapi worked too.
What about having to use principal names as the database users,
did you do anything about this?
> As for improvements it would be nice if it was fully MIT
> compatible as well as Microsoft's SSPI.
Have you talked to your Oracle rep?
>
> Rodney
>
> Rodney M. Dyer
> Windows Systems Programmer
> Mosaic Computing Group
> William States Lee College of Engineering
> University of North Carolina at Charlotte
> Email: rmdyer at uncc.edu
> Web: http://www.coe.uncc.edu/~rmdyer
> Phone: (704)687-3518
> Help Desk Line: (704)687-3150
> FAX: (704)687-2352
> Office: Cameron Applied Research Center, Room 232
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list