Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Oracle 10g R2 on Linux with Kerberos 5

Re: Oracle 10g R2 on Linux with Kerberos 5

From: Maimon Oded <oded.maimon_at_gmail.com>
Date: Wed, 9 Nov 2005 13:10:21 +0200
Message-ID: <afc75c420511090310p7e7ab9ddsbefc1a8eb3f9d272@mail.gmail.com> 





Hi,


Well, I've managed to partially fix the problem, I've removed the principles
and recreated them with only DES encryption. after that okinit and sqlplus
/@mydb, worked on the database server.


but when running it from a remote server/client (linux and windows) the
okinit worked, but running sqlplus /@mydb return:
*ERROR:



ORA-12638: Credential retrieval failed*


 the time between the machines is synchronized.
 any one have any leads?


 Regards,


 Oded.



 On 11/8/05, Maimon Oded <oded.maimon_at_gmail.com> wrote:


>

> Hi all,

> I'm getting desperate..

>  I've a working KDC on linux (RH3-U5), i can authenticate to my other

> linux machines with it, i can run rsh,telnet with that KDC.

> so the kdc is working.

>  i'm trying to configure oracle 10gR2 (also on linux) with it, but i guss

> i'm missing something very important.

> the OS kinit command is working, oracle okinit command is not working, i'm

> getting:

>

> *[oracle_at_lxoid1 admin]$ okinit*

>

> *Kerberos Utilities for Linux: Version 10.2.0.1.0 - Production on

> 08-NOV-2005 15:31:34*


>

> *Copyright (c) 1996, 2004 Oracle. All rights reserved.*

>

> *Password for **oracle_at_mydom.com* <oracle_at_mydom.com>*:

> okinit: Password incorrect

> okinit: Decrypt integrity check failed

> *

>

> my sqlnet.ora:

>

> *NAMES.DIRECTORY_PATH= (TNSNAMES)


> SQLNET.AUTHENTICATION_SERVICES = (KERBEROS5)


> SQLNET.KERBEROS5_KEYTAB = /etc/krbora10g.keytab

> SQLNET.KERBEROS5_CONF = /etc/krb5.conf

> SQLNET.KERBEROS5_CONF_MIT = TRUE


> SQLNET.AUTHENTICATION_KERBEROS5_SERVICE = ora10g

> TRACE_LEVEL_CLIENT = SUPPORT


> TRACE_LEVEL_SERVER = SUPPORT


> TRACE_DIRECTORY_CLIENT = /tmp/clnt

> TRACE_DIRECTORY_SERVER = /tmp/srv*

>

> the owner of /etc/krbora10g.keytab is oracle:dba.

>

> running kinit, and then running "sqlplus /@mydb" return:

>

> *SQL*Plus: Release 10.2.0.1.0 - Production on Tue Nov 8 15:46:02 2005*

>

> *Copyright (c) 1982, 2005, Oracle. All rights reserved.*

>

> *ERROR:


> ORA-12638: Credential retrieval failed

> *

>

> pleaaaaasssssseee, HELP!

>

> Oded.

>



--
http://www.freelists.org/webpage/oracle-l


Received on Wed Nov 09 2005 - 05:12:24 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US