Re: ORA-12641: Authentication service failed to initalize

From: <vdeoliveira_at_ncf.edu>
Date: Mon, 9 Nov 2015 06:27:56 -0800 (PST)
Message-ID: <80196266-4452-4c3f-a344-39f179ce9752_at_googlegroups.com>

Eric,

I know that this was many, many moons ago, but I am now where you were then. Did you get these problems resolve, and if so, do you recall what the roadblocks were?

Many thanks.

On Monday, March 17, 2008 at 9:20:41 AM UTC-4, eric wrote:
> On Mar 14, 3:14�pm, Frank van Bortel <frank.van.bor..._at_gmail.com>
> wrote:
> > eric wrote:
> > > On Mar 7, 3:07 pm, Frank van Bortel <frank.van.bor..._at_gmail.com>
> > > wrote:
> > >> eric wrote:
> > >>> i've already gone through the steps to obtain my ticket with ktpass,
> > >>> and setup krb5.conf, krb.conf, and tnsnames.ora.
> > >>> when i obtain my ticket (it appears to work -- no errors produced).
> > >>> however, when i go to connect: sqlplus /_at_kb_oracle i get the following
> > >>> error: ERROR: ORA-12641: Authentication service failed to initalize,
> > >>> and get prompted to enter my password? anyone have any ideas??
> > >>> thanks,
> > >>> eric
> > >> Check if you have the correct encryption mechanism; MS Windows 2000
> > >> uses CRC by default, not MD5. MS Windows 2003 seems to use MD5
> > >> by default, but better make sure. Oracle wants MD5.
> > >> More options onhttp://vanbortel.blogspot.com, the "Kerberos errors"
> > >> entry.
> >
> > >> If the encryption type is the cause, it should become visible
> > >> when tracing.
> >
> > >> Just curious - why kerberos on Windows when OS authetication
> > >> will work? Even AD for LDAP is supported on MS.
> >
> > >> --
> >
> > >> Regards,
> > >> Frank van Bortel
> >
> > >> Top-posting in UseNet newsgroups is one way to shut me up
> >
> > > thanks. i'll have a look at that. here's what i was using for ktpass:
> >
> > > ktpass -princ oraclesrv/oracle11gtest.mydomain...._at_MYDOMAIN.COM -
> > > DesOnly -crypto DES-CBC-CRC -ptype KRB5_NT_PRINCIPAL -mapuser
> > > svcoracle.mydomain.com -pass {my password omitted} -out C:
> > > \keytab.svcoracle
> >
> > > we wanted to test out something secure (i'm very light-skilled in dba-
> > > stuff), and our "team" wanted to use kerberos. i'll ask them why we're
> > > not using os authentication. do you have an article, or best practices
> > > to point me in the right direction? (i'd check out your website), but
> > > i'm at work -- and can't get to it.
> >
> > > eric
> >
> > You can do:
> > klist -k -e -K -t FILE:/<keytab>
> > to inspect what you actually got from the AD server
> > (what ktpass produced).
> >
> > Get a ticket, using kinit -k -t <keytab>, and see
> > what gives, using klist.
> > klist -e will give you the encryption types.
> >
> > --
> >
> > Regards,
> > Frank van Bortel
> >
> > Top-posting in UseNet newsgroups is one way to shut me up- Hide quoted text -
> >
> > - Show quoted text -
>
> i tried klist with the syntax you described above, and it didn't work
> (i get -- Usage: klist <tickets | tgt | purge>)
>
> also, i'm still stuck on okinit oraclesrv/oracle11gtest.mydomain.com.
> it returns the error: okinit: client not found in kerberos database.
>
> i'm going to try and set it up in a test lab today and see if i get a
> different result.
Received on Mon Nov 09 2015 - 15:27:56 CET

This message: [ Message body ]
Next message: Peter Schneider: "Re: ORA-12641: Authentication service failed to initalize"
Previous message: walkwatermahesh_at_gmail.com: "excellent oracle apps functional/Technical candidates available"
Next in thread: Peter Schneider: "Re: ORA-12641: Authentication service failed to initalize"
Reply: Peter Schneider: "Re: ORA-12641: Authentication service failed to initalize"
Maybe reply: vdeoliveira: "Re: ORA-12641: Authentication service failed to initalize"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message