My project is in the process of implementing Kerberos authentication with Active Directory integration. The Active Directory domain server will serve as the Key Distribution Center (KDC). We are still at the early stages and investigating this solution. The database version is 184.108.40.206.0 and it runs on Solaris 11.4. Our application architecture is client/server and the application is C++ driven. The Oracle client version is 19c.
Kerberos authentication is already configured and being used for other services on the database server. The Kerberos configuration file, /etc/krb5/krb5.conf, has been modified for the other services. I noticed it is actually a soft link to a service configuration file.
Question: can a separate krb5.conf file be created exclusively for the Oracle service and stored in a separate location, which will then be referenced in the sqlnet.ora file? Are there any restrictions to this approach if it is allowed?
Also, the documentation we have read so far says to create the same krb5.conf file on the client with a reference to it in the client sqlnet.ora file. Same question as above: can we create the krb5.conf file and store it in a location of our choice, say under the Oracle home directory path?
I may have follow-up questions as we progress on our implementation path.