Path: news.easynews.com!newsfeed1.easynews.com!easynews.com!easynews!c03.atl99!news.webusenet.com!newsfeed.media.kyoto-u.ac.jp!newsgate.cuhk.edu.hk!news.netfront.net!news.hk.linkage.net!not-for-mail
From: "Timmy Sin" <tswsin@yahoo.com>
Newsgroups: comp.databases.oracle.server
Subject: Problem with single sign-on using Kerberos on W2K server
Date: Mon, 3 Mar 2003 17:47:09 +0800
Organization: LinkAGE Online a PSINet Company
Lines: 55
Message-ID: <b3v8au$hii$1@news.hk.linkage.net>
NNTP-Posting-Host: nat1.scig.gov.hk
X-Trace: news.hk.linkage.net 1046684830 18002 202.128.229.3 (3 Mar 2003 09:47:10 GMT)
X-Complaints-To: abuse@hk.linkage.net
NNTP-Posting-Date: 3 Mar 2003 09:47:10 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Xref: newsfeed1.easynews.com comp.databases.oracle.server:178231
X-Received-Date: Mon, 03 Mar 2003 02:47:06 MST (news.easynews.com)

Hi All,

I've encountered problem when setting up single sign-on using Kerberos.
Grateful if someone can give me some idea on that. The situation is as
follows.

Database: 9.2.0 on HP-UX 11i (hostname=ediud15,SID=dev1)
KDC: W2K server (hostname=kdcserver,domain name=KDCDOMAIN)
Client: sqlplus 8.0.6 on W2K professional (domain user name=tswsin)

I can successfully obtain a ticket as follows:
C:\>oklist
Kerberos Utilities for 32-bit Windows: Version 9.2.0.1.0 - Production on
26-2-2003 15:59:50
Copyright (c) 1996, 2002 Oracle Corporation. All rights reserved.
Ticket cache: /tmp/krb.cc
Default principal: tswsin@KDCDOMAIN
Valid Starting Expires Principal
26-2-2003 15:58:33 26-2-2003 23:59:37 krbtgt/KDCDOMAIN@KDCDOMAIN

However, when I try to connect to the DB by entering "C:\>sqlplus /@dev1",
the following error always appears:
ORA-01004: default user name feature not supported; logon denied

Additional information:
I created the service principal by the following command:
c:\ktpass -princ dev1/ediud15@KDCDOMAIN -mapuser ediud15 -pass oracle -out
c:\v5srvtab

krb.conf:
KDCDOMAIN
KDCDOMAIN kdcserver admin server

krb5.conf:
[libdefaults]
default_realm = KDCDOMAIN

[realms]
KDCDOMAIN = {
kdc = kdcserver:88
}

[domain_realm]

krb5.realms:
* KDCDOMAIN

Grateful if someone can give me some help.

Many many thanks.

Regards,
Timmy