Anyone
got working Oracle 9i/10g (AIX/Linux/Windows) external authentication via
Windows 2003 AD KDC (MIT Kerberos) ?
Is it
worth the effort, is it safe in a long run for production
environment?
So far
I failed with
-
Oracle 10.2.0.1 on both RHAT Enterprise server v5 and Windows Standard Edition
2003
-
Oracle 9.2.0.6 on AIX 5.3
KDC is
on Windows SE 2003, with hotfix implemented regarding DES
encryption
Technically, Oracle "sqlplus /@test" gets as far as to get both
TGT and TSK for db server principal (which is veryfied by running
oklist)
This
means that the most common kerberos issue with "Crediantials retrival failed" is
avoided.
Then
it fails with either
1)
ORA-12637 (Packet receive failed) for Oracle 10.2.0.1 on both RHAT ES v5 and
Windows SE 2003. Oracle complains with "Read unexpected EOF ERROR on 9" meaning
that KDC failes to respond after about 10 minutes wait.
2)
ORA-12631 (Username retrieval
failed) for Oracle 9.2.0.6 on AIX
Here
Oracle complains with "Returning 31: Decrypt integrity check failed....error
12631 received from authentication service"
Does
it makes sense to investigate any further or is it a dead end which was never
supposed to be in production?
Tahnk
you in advance,
Laimis
N
Fyrirvari/Disclaimer
http://www.landsbanki.is/disclaimer
