Kerberos authentication fails with ORA 1017 in 11g - Wallet getting in the way?

From: Debi Lorraine <dlorraine_at_ucdavis.edu>
Date: Thu, 18 Feb 2010 10:26:28 -0800
Message-ID: <2A8185DC02A8CE4C8413E0A26A8A831A0987E458AB_at_XEDAMAIL2.ex.ad3.ucdavis.edu>



Chris Taylor posted something similar. We are experiencing a connection issue on our new server using 11g that seems to first try to use a wallet connection:

[18-FEB-2010 09:13:07:448] nzupgew_get_environ_wrl: Environment Variable not found or empty value.
[18-FEB-2010 09:13:07:448] nzupgew_get_environ_wrl: returning error: 28781

After this initial handshake, it forgets it's doing a Kerberos authentication and we get an invalid username/password, ORA 1017, instead of a credentials retrieval failure, or better yet, successful connection!

I can connect from this new server to our old server, successfully authenticating using Kerberos. I can authenticate with Kerberos from the new server to a directly -- that is, not using a remote connection -- but as soon as I introduce the remote connection (TWO_TASK pointing to a kerberized listener network string), it seems to want to use wallet authentication first (which is an interesting twist, because I would like to use wallet authentication with TWO_TASK but have never been able to make that work -- maybe that's an 11g feature).

We do use the wallet for TDE, but it is not configured for OS authentication. I wonder if there is something I can do to tell Oracle to not try to use the wallet for OS authentication? (I've had a service request open with Oracle since Feb 4 -- why don't they require their support staff to work the same shift as the people they support?)

Does anyone even use Kerberos?

Thanks,

Debi

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Feb 18 2010 - 12:26:28 CST
