Kerberos authentication fails with ORA 1017 in 11g - Wallet getting in the way?

From: Debi Lorraine <>
Date: Thu, 18 Feb 2010 10:26:28 -0800
Message-ID: <>

Chris Taylor posted something similar. We are experiencing a connection issue on our new server using 11g that seems to first try to use a wallet connection:

[18-FEB-2010 09:13:07:448] nzupgew_get_environ_wrl: Environment Variable not found or empty value.
[18-FEB-2010 09:13:07:448] nzupgew_get_environ_wrl: returning error: 28781

After this initial handshake, it forgets it's doing a kerberos authentication and we get an invalid username/password, ORA 1017, instead of a credentials retrieval failure, or better yet, successful connection!

I can connect from this new server to our old server, successfully authenticating using Kerberos. I can authenticate with Kerberos from the new server to a directly-that is, not using a remote connection--but as soon as I introduce the remote connection (TWO_TASK pointing to a kerberized listener network string), it seems to want to use wallet authentication first (which is an interesting twist, because I would like to use wallet authentication with TWO_TASK but have never been able to make that work-maybe that's an 11g feature).

We do use the wallet for TDE, but it is not configured for OS authentication. I wonder if there is something I can to tell Oracle to not try to use the wallet for OS authentication? (I've had a service request open with Oracle since Feb 4 -why don't they require their support staff to work the same shift as the people they support?)

Does anyone even use Kerberos?



Received on Thu Feb 18 2010 - 12:26:28 CST

Original text of this message