Oracle 10g R2 on Linux with Kerberos 5

From: Maimon Oded <oded.maimon_at_gmail.com>
Date: Tue, 8 Nov 2005 14:51:30 +0200
Message-ID: <afc75c420511080451l5a9de03cjfda68c83a4a3400@mail.gmail.com>

Hi all,
I'm getting desperate..
 I've a working KDC on linux (RH3-U5), i can authenticate to my other linux machines with it, i can run rsh,telnet with that KDC. so the kdc is working.
 i'm trying to configure oracle 10gR2 (also on linux) with it, but i guss i'm missing something very important.
the OS kinit command is working, oracle okinit command is not working, i'm getting:

*[oracle_at_lxoid1 admin]$ okinit*

*Kerberos Utilities for Linux: Version 10.2.0.1.0 - Production on
08-NOV-2005 15:31:34*
*Copyright (c) 1996, 2004 Oracle. All rights reserved.*

*Password for **oracle_at_mydom.com* <oracle_at_mydom.com>*:
okinit: Password incorrect
okinit: Decrypt integrity check failed
*

my sqlnet.ora:

*NAMES.DIRECTORY_PATH= (TNSNAMES)

SQLNET.AUTHENTICATION_SERVICES = (KERBEROS5)
SQLNET.KERBEROS5_KEYTAB = /etc/krbora10g.keytab
SQLNET.KERBEROS5_CONF = /etc/krb5.conf
SQLNET.KERBEROS5_CONF_MIT = TRUE
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE = ora10g
TRACE_LEVEL_CLIENT = SUPPORT
TRACE_LEVEL_SERVER = SUPPORT

TRACE_DIRECTORY_CLIENT = /tmp/clnt
TRACE_DIRECTORY_SERVER = /tmp/srv*

the owner of /etc/krbora10g.keytab is oracle:dba.

running kinit, and then running "sqlplus /@mydb" return:

*SQL*Plus: Release 10.2.0.1.0 - Production on Tue Nov 8 15:46:02 2005*

*Copyright (c) 1982, 2005, Oracle. All rights reserved.*

*ERROR:

ORA-12638: Credential retrieval failed
*

pleaaaaasssssseee, HELP!

Oded.

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Nov 08 2005 - 06:53:34 CST