| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Kerberos OKINIT , OKLIST, ORA-12699
I'm trying to get Kerberos authentication to work. I am not using LDAP at all. I just want to authenticate with Kerberos.
Kerberos itself is working fine. "kinit" and "klist" work as expected. I had our security admin create a service principle. Does there have to be one per machine or one per database? Does the service principle need to match the sql*net service name? When one issues okinit <username> what is the format of the username? No matter what I use okinit does not request a password and oklist shows no credentials.
After configuring sqlnet.ora. I am testing now on the database machine itself any connects which employ that version fail with ora-12699 whether or not they are identified "externally" or via the database.
Being old school, I don't like using aids such as netmgr. Nearly all these types of tools are awful when they first come out. But I tried to use them to setup Kerberos authentication. I save the network configuration, but when I go back into the tool nothing appears to be saved. Is this normal?
Ian MacGregor
Stanford Linear Accelerator Center
ian_at_SLAC.Stanford.edu
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: MacGregor, Ian A.
INET: ian_at_SLAC.Stanford.EDU
Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services ---------------------------------------------------------------------To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Fri Aug 22 2003 - 14:14:27 CDT
 |
 |