Hello All,
we are using Kerberos Authentication with connection type "TNS" in Oracle SQL Developer Extension for VSCode (version 25.2.2).
When using TNS as the connection type, the extension always prompts for a password. Interestingly, we can enter any password and the connection still succeeds.
If we switch to "Custom JDBC", no password is requested at all, which works fine — but this connection type is not as user-friendly as TNS for end users.
Current Client setup
- Windows 10 or 11
- Environment variable
TNS_ADMIN is set
- The directory defined in
TNS_ADMIN contains both tnsnames.ora and sqlnet.ora
- Kerberos client settings in sqlnet.ora:
SQLNET.KERBEROS5_CC_NAME = MSLSA:
SQLNET.AUTHENTICATION_SERVICES= (KERBEROS5)
SQLNET.KERBEROS5_CLOCKSKEW = 6000
SQLNET.KERBEROS5_CONF = C:\oracle\admin\network\krb5.conf
SQLNET.KERBEROS5_CONF_MIT = TRUE
- Registry setting applied as per Doc ID 3094002.1 (Remediation of Kerberos Connection Failures after Microsoft Defender Endpoint Updates on Active Directory):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Entry: AllowTgtSessionKey
Type: REG_DWORD
Value: 1
In VSCode Extension:
- Connection type = TNS
- In Advanced tab → set:
oracle.net.authentication_services = KERBEROS5
- Username = /
- Password = (left empty)
If I test the connection this way, it works fine without asking for a password.
Problem / Question
- When using TNS, the extension always prompts for a password (even though any value works).
- With Custom JDBC, no password is requested — but that’s not very practical for business users.
My goals:
- Avoid the password prompt entirely when using TNS + Kerberos.
- Current workaround: save a dummy password in the connection.
- (Feature request) Would it be possible to add a dedicated connection type "Kerberos" in the extension?
- This would remove the need for users to manually tweak the Advanced tab.
Thanks in advance for any hints or plans regarding this!