Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Windows Active Directory, MIT kerberos, KDC and Oracle Advanced Security

Windows Active Directory, MIT kerberos, KDC and Oracle Advanced Security

From: Laimutis Nedzinskas <Laimutis.Nedzinskas_at_landsbanki.is>
Date: Wed, 18 Jul 2007 10:31:50 -0000
Message-ID: <5A8896FB2AFC5445A7DCFC5903CCA6B06FEE3F@W03856.li01r1d.lais.net> 





Anyone got working Oracle 9i/10g (AIX/Linux/Windows) external
authentication via Windows 2003 AD KDC (MIT Kerberos) ?
Is it worth the effort, is it safe in a long run for production
environment?
 


So far I failed with 


- Oracle 10.2.0.1 on both RHAT Enterprise server v5 and Windows Standard

Edition 2003


- Oracle 9.2.0.6 on AIX 5.3

 


KDC is on Windows SE 2003, with hotfix implemented regarding DES
encryption
 


Technically, Oracle "sqlplus /@test" gets as far as to get both TGT and
TSK for db server principal (which is veryfied by running oklist)
This means that the most common kerberos issue with "Crediantials
retrival failed" is avoided.


Then it fails with either 
 


    
  
  1.   ORA-12637 (Packet receive failed) for Oracle 10.2.0.1 on both RHAT ES
v5 and Windows SE 2003. Oracle complains with "Read unexpected EOF ERROR
on 9" meaning that KDC failes to respond after about 10 minutes wait.
 
 
  
  2.   ORA-12631 (Username retrieval failed) for Oracle 9.2.0.6 on AIX
Here Oracle complains with "Returning 31: Decrypt integrity check
failed....error 12631 received from authentication service"
 





Does it makes sense to investigate any further or is it a dead end which
was never supposed to be in production?
 


Tahnk you in advance, 


Laimis N



Fyrirvari/Disclaimer


http://www.landsbanki.is/disclaimer


--
http://www.freelists.org/webpage/oracle-l


Received on Wed Jul 18 2007 - 05:31:50 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US