Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Help, Cross Realm and SSO
I'm brand new to Oracle and am having some problems getting things to
work. I'm not even sure this will work. From everything I have found
in the manuals and the internet it looks like the adapter on the
client and the server have to match.
This is my setup:
I have a MS 2000 KDC (Realm A) and a third party KDC (Realm B) setup.
I have an XP client in Realm A, with the Net8 software installed and
SQLPlus installed. The adapter installed on the client is Kerberos.
The Oracle 8i server resides in Realm B. I have a test database set up
on the Oracle 8i server called Oracle. I created the service principal
on Realm B for Oracle/servername_at_REALM B. I also created a service
principal on Realm A - Oracle_at_REALM A - and mapped it to the service
principal on Realm B. The adapter installed on the server is a
different from the client - this one supports the third party KDC that
was implemented.
I keep getting a 'failed to retrieve credentials' error. Has anyone done this before? Am I missing something in the configuration files? Any help would be appreciated.
My SQLNET.ORA file on the Oracle server in Realm B is setup as follows:
AUTOMATIC_IPC=OFF
NAMES.DIRECTORY_PATH= (TNSNAMES)
sqlnet.authentication_services=(beq, thirdparty) sqlnet.authentication_gssapi_service=oracle/servername_at_RealmB sqlnet.kerberos5_conf=/krb5/krb.conf sqlnet.kerberos5_realms=/krb5/krb.realms sqlnet.kerberos5_keytab=/krb5/v5srvtab
My TNSNAMES.ORA file on the Oracle server in Realm B is setup as follows:
ORACLE =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = servername)(PORT =number))
)
(CONNECT_DATA =
(SERVICE_NAME = oracle)
)
)
INST1_HTTP =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = servername)(PORT = number))
)
(CONNECT_DATA =
(SERVER = SHARED)
(SERVICE_NAME =oracle)
(PRESENTATION = http://admin)
)
)
EXTPROC_CONNECTION_DATA =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
)
(CONNECT_DATA =
(SID = PLSExtProc)
(PRESENTATION = RO)
)
)
My SQLNET.ORA file on the client in Realm A is setup as follows:
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=Kerberos NAMES.DEFAULT_DOMAIN=realma
SQLNET.AUTHENTICATION_SERVICES=(beq, kerberos5, thirdparty) SQLNET.AUTHENTICATION_gssapi_SERVICE=oracle/servername_at_REALMB SQLNET.KERBEROS5_CLOCKSKEW=1200 SQLNET.KERBEROS5_CONF=c:\etc\krb5.conf SQLNET.KERBEROS5_REALMS=c:\etc\krb.realms
My TNSNAMES.ORA file on the client in Realm A is setup as follows:
INST1_HTTP.REALMA=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS= (PROTOCOL = TCP)(HOST=servername)(PORT=number))
)
(CONNECT_DATA=
(SERVER=SHARED)
(SERVICE_NAME=oracle)
(PRESENTATION= http://admin) )
)
ORACLE.REALMA=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS= (PROTOCOL=TCP)(HOST=servername)(PORT=number))
)
(CONNECT_DATA=
(SERVICE_NAME=oracle)
)
)
Received on Fri Nov 15 2002 - 18:34:53 CST