Kerberos Hello World login:
For testing with Active Directory
krb5.conf or krb5.ini setting required - or copy it to java default place
Cross site registry setting may be required:
Old but seems comprehensive notes:
Login code:
Replace "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)"+
"(" +
"(SERVICE_NAME=orcl)))" with your connection details.
Replace "/home/Jdbc/Security/kerberos/krb5.conf" with your krb5.ini or krb5.conf (java also has a default place to look if this is not set). (with windows use double back slash \\)
If you want to use internal cache comment out:
Look at: "Attempt to connect with the default user:"
Ignore: "Attempt to connect with a specific user:"
use ojdbc8.jar (from sqldeveloper or sqlcl).
javac -cp ojdbc8.jar
java -cp ojdbc8.jar;. KerberosJdbcDemo
You can use these settings in your sqldeveloper.conf (and start sqldeveloper from sqldeveloper/bin) to get this tracing/debugging in sqldeveloper.
(Currently (SQLDeveloper 18.3) internal cache does not work with sqldeveloper - you need an explicit file based cache).
(If you get >>> Found no TGT's in LSA you could need registry setting)
should see: >>> Obtained TGT from LSA: Credentials:
My Active Directory is not linked to my Oracle Database at the moment - so I could not check if this ticket worked for database login.
Kerberos Hello World login:
For testing with Active Directory
krb5.conf or krb5.ini setting required - or copy it to java default place
Cross site registry setting may be required:
Old but seems comprehensive notes:
Login code:
Replace "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)"+
"(" +
"(SERVICE_NAME=orcl)))" with your connection details.
Replace "/home/Jdbc/Security/kerberos/krb5.conf" with your krb5.ini or krb5.conf (java also has a default place to look if this is not set). (with windows use double back slash \\)
If you want to use internal cache comment out:
Look at: "Attempt to connect with the default user:"
Ignore: "Attempt to connect with a specific user:"
use ojdbc8.jar (from sqldeveloper or sqlcl).
javac -cp ojdbc8.jar
java -cp ojdbc8.jar;. KerberosJdbcDemo
You can use these settings in your sqldeveloper.conf (and start sqldeveloper from sqldeveloper/bin) to get this tracing/debugging in sqldeveloper.
(Currently (SQLDeveloper 18.3) internal cache does not work with sqldeveloper - you need an explicit file based cache).
(If you get >>> Found no TGT's in LSA you could need registry setting)
should see: >>> Obtained TGT from LSA: Credentials:
My Active Directory is not linked to my Oracle Database at the moment - so I could not check if this ticket worked for database login.