Enabling Kerberos Authentication
Configuring Kerberos Authentication 6-3
For example, if kservice is oracle, the fully qualified name of the system on
which Oracle Database is running is dbserver.someco.com and the realm is
SOMECO.COM. The principal name is:
oracle/dbserver.someco.com@SOMECO.COM
It is a convention to use the DNS domain name as the name of the realm. To create
the service principal, run kadmin.local. On UNIX, run this command as the root
user, by using the following syntax:
# cd /kerberos-install-directory/sbin
# ./kadmin.local
To add a principal named oracle/dbserver.someco.com@SOMECO.COM to the
list of server principals known by Kerberos, enter the following:
kadmin.local:addprinc -randkey oracle/dbserver.someco.com@SOMECO.COM
Task 3: Extract a Service Table from Kerberos
Extract the service table from Kerberos and copy it to the Oracle database
server/Kerberos client system.
For example, use the following steps to extract a service table for
dbserver.someco.com:
Service Principal Field Description
kservice A case-sensitive string that represents the Oracle
service; this can be the same as the database service
name.
kinstance This is typically the fully qualified name of the
system on which Oracle Database is running.
REALM The domain name of the database server. REALM
must always be uppercase and is typically the DNS
domain name.
Note: The utility names in this section are executable programs.
However, the Kerberos user name krbuser and the realm
SOMECO.COM are examples only.
To Next Page
Loading...