Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Oracle configuration using Kerberos in two different realms

Oracle configuration using Kerberos in two different realms

From: R Howard <rhoward102002_at_yahoo.com>
Date: Fri, 25 Oct 2002 06:38:59 -0800
Message-ID: <F001.004F3A87.20021025063859@fatcity.com> 





Has anyone tried this and gotten it to work (Cross
Realm):



Microsoft 2000 KDC (Realm A)


Third Party KDC (Realm B) on Solaris



Sqlnet client (on Microsoft XP) resides in Realm A.



Oracle server (on Solaris 8) resides in Realm B.  The
service principal for the Oracle server was created on
Realm B - it matches the service listed in the
tnsnames.ora file.  Oracle on the server is using the
Third Party KDC for its authentication.



A mapping was created on Realm A for the service in
Realm B.  The user will log onto the client machine
and authenticate using the Microsoft KDC (Realm A). 
But when they go to use Sqlplus they will need to
access the Oracle server in Realm B - the reason for
the mapping on Realm A.  Basically, we want the user
to be able to connect to the database without having
to reenter their userid and password.



I have tested connecting to the instance on the server
using a userid and password and that works fine.



I am new to using Oracle and trying to understand the
parameter settings for the client and server side
sqlnet.ora, tnsnames.ora and listener.ora files.  So I
am not quite sure that I have them setup correctly. 
So far I either get 'failed to retrieve credentials'
or 'authentication service not found' or 'service name
not found'.



Any hints or pointers would be appreciated.







Do you Yahoo!?


Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/


-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: R Howard


  INET: rhoward102002_at_yahoo.com


Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Fri Oct 25 2002 - 09:38:59 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US