Skip to Main Content
Forums

Database Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Cross Realm Authentication

364869Nov 4 2002
I'm brand new to Oracle and am having some problems getting things to work.

This is my setup:
I have a MS 2000 KDC (Realm A) and a third party KDC (Realm B) setup. I have an XP client in Realm A, with the
Net8 software installed and SQLPlus installed. The Oracle 8i server resides in Realm B. I have a test database
set up on the Oracle 8i server called Oracle. I created the service principal on Realm B for
Oracle/servername@REALM B. I also created a service principal on Realm A - Oracle@REALM A - and mapped it
to the service principal on Realm B.

I keep getting a 'failed to retrieve credentials' error. Has anyone done this before? Am I missing something in the
configuration files? Any help would be appreciated.

My SQLNET.ORA file on the Oracle server in Realm B is setup as follows:

AUTOMATIC_IPC=OFF
NAMES.DIRECTORY_PATH= (TNSNAMES)
sqlnet.authentication_services=(beq, thirdparty)
sqlnet.authentication_gssapi_service=oracle/servername@RealmB
sqlnet.kerberos5_conf=/krb5/krb.conf
sqlnet.kerberos5_realms=/krb5/krb.realms
sqlnet.kerberos5_keytab=/krb5/v5srvtab

My TNSNAMES.ORA file on the Oracle server in Realm B is setup as follows:

ORACLE =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = servername)(PORT =number))
)
(CONNECT_DATA =
(SERVICE_NAME = oracle)
)
)

INST1_HTTP =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = servername)(PORT = number))
)
(CONNECT_DATA =
(SERVER = SHARED)
(SERVICE_NAME =oracle)
(PRESENTATION = http://admin)
)
)

EXTPROC_CONNECTION_DATA =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
)
(CONNECT_DATA =
(SID = PLSExtProc)
(PRESENTATION = RO)
)
)

My SQLNET.ORA file on the client in Realm A is setup as follows:

SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=Kerberos
NAMES.DEFAULT_DOMAIN=realma
SQLNET.AUTHENTICATION_SERVICES=(beq, kerberos5, thirdparty)
SQLNET.AUTHENTICATION_gssapi_SERVICE=oracle/servername@REALMB
SQLNET.KERBEROS5_CLOCKSKEW=1200
SQLNET.KERBEROS5_CONF=c:\etc\krb5.conf
SQLNET.KERBEROS5_REALMS=c:\etc\krb.realms

My TNSNAMES.ORA file on the client in Realm A is setup as follows:

INST1_HTTP.REALMA=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS= (PROTOCOL = TCP)(HOST=servername)(PORT=number))
)
(CONNECT_DATA=
(SERVER=SHARED)
(SERVICE_NAME=oracle)
(PRESENTATION= http://admin) )
)

ORACLE.REALMA=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS= (PROTOCOL=TCP)(HOST=servername)(PORT=number))
)
(CONNECT_DATA=
(SERVICE_NAME=oracle)
)
)
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Dec 2 2002
Added on Nov 4 2002
#database-security, #database-security-general
0 comments
454 views