Oracle ODP.NET use of MIT KfW

Scot McKinley scot.mckinley at
Fri Jul 24 16:41:10 EDT 2020

Hi, at Oracle we have a client DB adapter called ODP.NET Managed and 
Core that uses MIT KerberosforWindows (KfW) in order to use Kerberos 
based credentials to authenticate to the DB.

I have a couple of questions in reference to this product's use of KfW:

* The announcement pages for the KfW have quoted support for the exact 
same Windows versions for at least 7 years, probably longer. The below 
statement has been exactly the same for versions 4.0.1, 4.1 AND the new 
4.2beta1. Can we get it updated?

"KfW is supported on Windows Vista (SP2 required), Windows 7, Windows 8, 
Windows Server 2003, and Windows Server 2008."

* The Microsoft Credential Guard blocks acquisition of windows domain 
based TGTs, thus blocking MSLSA based KfW credential acquisition. Has 
this been addressed in 4.2beta1 or are there plans to address it (eg, by 
switching to a SSPI based credential acquisition)?


Scot McKinley
Consulting Member of Technical
ODP.NET Network and Security

More information about the krbdev mailing list