Cross Realm Authentication
I'm brand new to Oracle and am having some problems getting things to work.
This is my setup:
I have an MS 2000 KDC (Realm A) and a third-party KDC (Realm B) set up. I have an XP client in Realm A, with the
Net8 software installed and SQLPlus installed. The Oracle 8i server resides in Realm B. I have a test database
set up on the Oracle 8i server called Oracle. I created the service principal on Realm B for
Oracle/servername@REALM B. I also created a service principal on Realm A - Oracle@REALM A - and mapped it
to the service principal on Realm B.
I keep getting a 'failed to retrieve credentials' error. Has anyone done this before? Am I missing something in the
configuration files? Any help would be appreciated.
My SQLNET.ORA file on the Oracle server in Realm B is set up as follows:
AUTOMATIC_IPC=OFF
NAMES.DIRECTORY_PATH= (TNSNAMES)
sqlnet.authentication_services=(beq, thirdparty)
sqlnet.authentication_gssapi_service=oracle/servername@RealmB
sqlnet.kerberos5_conf=/krb5/krb.conf
sqlnet.kerberos5_realms=/krb5/krb.realms
sqlnet.kerberos5_keytab=/krb5/v5srvtab
My TNSNAMES.ORA file on the Oracle server in Realm B is set up as follows:
ORACLE =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = servername)(PORT =number))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = oracle)
    )
  )
INST1_HTTP =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = servername)(PORT = number))
    )
    (CONNECT_DATA =
      (SERVER = SHARED)
      (SERVICE_NAME =oracle)
      (PRESENTATION = http://admin)
    )
  )
EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
    )
    (CONNECT_DATA =
      (SID = PLSExtProc)
      (PRESENTATION = RO)
    )
  )
My SQLNET.ORA file on the client in Realm A is set up as follows:
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=Kerberos
NAMES.DEFAULT_DOMAIN=realma
SQLNET.AUTHENTICATION_SERVICES=(beq, kerberos5, thirdparty)
SQLNET.AUTHENTICATION_gssapi_SERVICE=oracle/servername@REALMB
SQLNET.KERBEROS5_CLOCKSKEW=1200
SQLNET.KERBEROS5_CONF=c:\etc\krb5.conf
SQLNET.KERBEROS5_REALMS=c:\etc\krb.realms
My TNSNAMES.ORA file on the client in Realm A is set up as follows:
INST1_HTTP.REALMA=
  (DESCRIPTION=
    (ADDRESS_LIST=
      (ADDRESS= (PROTOCOL = TCP)(HOST=servername)(PORT=number))
    )
    (CONNECT_DATA=
      (SERVER=SHARED)
      (SERVICE_NAME=oracle)
      (PRESENTATION= http://admin) )
  )
ORACLE.REALMA=
  (DESCRIPTION=
    (ADDRESS_LIST=
      (ADDRESS= (PROTOCOL=TCP)(HOST=servername)(PORT=number))
    )
    (CONNECT_DATA=
      (SERVICE_NAME=oracle)
    )
  )