Oracle Database B10772-01 - Task 2: Configuring a Windows 2000 Domain Controller KDC to Interoperate with an Oracle Client

To Next Page

To Previous Page

Configuring Interoperability with a Windows 2000 Domain Controller KDC

Conﬁguring Kerberos Authentication 6-15

Step 2: Specifying Oracle Configuration Parameters in the sqlnet.ora File

Conﬁguring an Oracle client to interoperate with a Windows 2000 domain

controller KDC uses the same sqlnet.ora ﬁle parameters that are listed in "Step 1:

Conﬁgure Kerberos on the Client and on the Database Server" on page 6-5.

Set the following parameters in the sqlnet.ora ﬁle on the client:

SQLNET.KERBEROS5_CONF=pathname_to_Kerberos_configuration_file

SQLNET.KERBEROS5_CONF_MIT=TRUE

SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=Kerberos_service_name

SQLNET.AUTHENTICATION_SERVICES=(BEQ,KERBEROS5)

Step 3: Specifying the Listening Port Number

The Windows 2000 domain controller KDC listens on UDP/TCP port 88. Ensure

that the system ﬁle entry for kerberos5 is set to UDP/TCP port 88 as follows:

■ (UNIX)

Ensure that the kerberos5 entry in the /etc/services ﬁle is set to 88

Task 2: Conﬁguring a Windows 2000 Domain Controller KDC to Interoperate with an

Oracle Client

The following steps must be performed on the Windows 2000 domain controller.

Step 1: Creating the User

Create a new user for the Oracle client in Microsoft Active Directory.

Step 2: Creating the Oracle Database Principal

1. Create a new user for the Oracle database in Microsoft Active Directory.

Note: Ensure that the SQLNET.KERBEROS5_CONF_MIT

parameter is set to TRUE because the Windows 2000 operating

system is designed to interoperate only with security services that

are based on MIT Kerberos version 5.

See Also: Microsoft documentation for information about how to

create users in Active Directory.

Related product manuals