Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Problem with single sign-on using Kerberos on W2K server
Hi All,
I've encountered problem when setting up single sign-on using Kerberos. Grateful if someone can give me some idea on that. The situation is as follows.
Database: 9.2.0 on HP-UX 11i (hostname=ediud15,SID=dev1) KDC: W2K server (hostname=kdcserver,domain name=KDCDOMAIN) Client: sqlplus 8.0.6 on W2K professional (domain user name=tswsin)
I can successfully obtain a ticket as follows:
C:\>oklist
Kerberos Utilities for 32-bit Windows: Version 9.2.0.1.0 - Production on
26-2-2003 15:59:50
Copyright (c) 1996, 2002 Oracle Corporation. All rights reserved.
Ticket cache: /tmp/krb.cc
Default principal: tswsin_at_KDCDOMAIN
Valid Starting Expires Principal
26-2-2003 15:58:33 26-2-2003 23:59:37 krbtgt/KDCDOMAIN_at_KDCDOMAIN
However, when I try to connect to the DB by entering "C:\>sqlplus /@dev1",
the following error always appears:
ORA-01004: default user name feature not supported; logon denied
Additional information:
I created the service principal by the following command:
c:\ktpass -princ dev1/ediud15_at_KDCDOMAIN -mapuser ediud15 -pass oracle -out
c:\v5srvtab
krb.conf:
KDCDOMAIN
KDCDOMAIN kdcserver admin server
krb5.conf:
[libdefaults]
default_realm = KDCDOMAIN
[realms]
KDCDOMAIN = {
kdc = kdcserver:88
}
[domain_realm]
krb5.realms:
* KDCDOMAIN
Grateful if someone can give me some help.
Many many thanks.
Regards,
Timmy
Received on Mon Mar 03 2003 - 03:47:09 CST