Oracle, Windows KDC, Third Party KDC and cross realm

From: rhoward <rhoward102002_at_yahoo.com>
Date: 7 Nov 2002 06:05:31 -0800
Message-ID: <f1eee027.0211070605.3a15191e@posting.google.com>

I'm brand new to Oracle and am having some problems getting things to work.

This is my setup:
I have a MS 2000 KDC (Realm A) and a third party KDC (Realm B) setup. I have an XP client in Realm A, with the Net8 software installed and SQLPlus installed. The Oracle 8i server resides in Realm B. I have a test database set up on the Oracle 8i server called Oracle. I created the service principal on Realm B for
Oracle/servername_at_REALM B. I also created a service principal on Realm A - Oracle_at_REALM A - and mapped it to the service principal on Realm B.

I keep getting a 'failed to retrieve credentials' error. Has anyone done this before? Am I missing something in the configuration files? Any help would be appreciated.

I'm not even sure this will work.

My SQLNET.ORA file on the Oracle server in Realm B is setup as follows:

        AUTOMATIC_IPC=OFF 
        NAMES.DIRECTORY_PATH= (TNSNAMES) 
        sqlnet.authentication_services=(beq, thirdparty) 
        sqlnet.authentication_gssapi_service=oracle/servername_at_RealmB 
        sqlnet.kerberos5_conf=/krb5/krb.conf 
        sqlnet.kerberos5_realms=/krb5/krb.realms 
        sqlnet.kerberos5_keytab=/krb5/v5srvtab 

My TNSNAMES.ORA file on the Oracle server in Realm B is setup as follows:

        ORACLE = 


        (DESCRIPTION = 

        (ADDRESS_LIST = 

        (ADDRESS = (PROTOCOL = TCP)(HOST = servername)(PORT =number)) 

        ) 


        (CONNECT_DATA = 

        (SERVICE_NAME = oracle) 

        ) 
        ) 

        INST1_HTTP = 


        (DESCRIPTION = 

        (ADDRESS_LIST = 

        (ADDRESS = (PROTOCOL = TCP)(HOST = servername)(PORT = number))

        ) 


        (CONNECT_DATA = 

        (SERVER = SHARED) 

        (SERVICE_NAME =oracle) 

        (PRESENTATION = http://admin) 

        ) 
        ) 

        EXTPROC_CONNECTION_DATA = 


        (DESCRIPTION = 

        (ADDRESS_LIST = 

        (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC)) 

        ) 


        (CONNECT_DATA = 

        (SID = PLSExtProc) 

        (PRESENTATION = RO) 

        ) 
        ) 

My SQLNET.ORA file on the client in Realm A is setup as follows:

        SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=Kerberos 
        NAMES.DEFAULT_DOMAIN=realma 
        SQLNET.AUTHENTICATION_SERVICES=(beq, kerberos5, thirdparty) 
        SQLNET.AUTHENTICATION_gssapi_SERVICE=oracle/servername_at_REALMB 
        SQLNET.KERBEROS5_CLOCKSKEW=1200 
        SQLNET.KERBEROS5_CONF=c:\etc\krb5.conf 
        SQLNET.KERBEROS5_REALMS=c:\etc\krb.realms 

        My TNSNAMES.ORA file on the client in Realm A is setup as

follows:

        INST1_HTTP.REALMA= 


        (DESCRIPTION= 

        (ADDRESS_LIST= 

        (ADDRESS= (PROTOCOL = TCP)(HOST=servername)(PORT=number)) 

        ) 


        (CONNECT_DATA= 

        (SERVER=SHARED) 

        (SERVICE_NAME=oracle) 

        (PRESENTATION= http://admin) ) 

        ) 

        ORACLE.REALMA= 


        (DESCRIPTION= 

        (ADDRESS_LIST= 

        (ADDRESS= (PROTOCOL=TCP)(HOST=servername)(PORT=number)) 

        ) 


        (CONNECT_DATA= 

        (SERVICE_NAME=oracle) 

        ) 
        )

Received on Thu Nov 07 2002 - 08:05:31 CST