Tuesday 6 November 2018

DONE: Retrieved an existing Kerberos/Active Directory internal ticket. TODO: confirm a Kerberos/Active Directory login to the database from Java using that existing internal ticket.

Code (Kerberos Hello World login):
https://docs.oracle.com/en/database/oracle/oracle-database/12.2/jjdbc/client-side-security.html#GUID-991705F7-C2C5-4BA9-85D1-32749AE2FF64

For testing with Active Directory

A krb5.conf or krb5.ini setting is required - or copy the file to Java's default location.
On Windows a registry setting may be required (it allows the session key to be sent with the Kerberos ticket-granting ticket, which Java needs to read the LSA ticket cache): https://support.microsoft.com/en-gb/help/308339/registry-key-to-allow-session-keys-to-be-sent-in-kerberos-ticket-grant

Old, but seemingly comprehensive, notes:
http://cr.openjdk.java.net/~weijun/special/krb5winguide-2/raw_files/new/kwin

Login code:
https://docs.oracle.com/en/database/oracle/oracle-database/12.2/jjdbc/client-side-security.html#GUID-991705F7-C2C5-4BA9-85D1-32749AE2FF64

Replace "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)"+
    "(HOST=oracleserver.mydomain.com)(PORT=5221))(CONNECT_DATA=" +
    "(SERVICE_NAME=orcl)))" with your connection details.

Replace "/home/Jdbc/Security/kerberos/krb5.conf" with the path to your krb5.ini or krb5.conf (Java also has a default location it looks in if this is not set). On Windows use double backslashes (\\) in the path.

If you want to use the internal (LSA) cache instead of a file-based cache, comment out:
    prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_CC_NAME,
                     "/tmp/krb5cc_5088");

Look at the "Attempt to connect with the default user:" part of the demo.
Ignore the "Attempt to connect with a specific user:" part.

Use ojdbc8.jar (from SQL Developer or SQLcl).

javac -cp ojdbc8.jar KerberosJdbcDemo.java
java -Dsun.security.krb5.debug=true -Dsun.security.jgss.debug=true -cp ojdbc8.jar;. KerberosJdbcDemo
(the classpath separator ";" is for Windows; on Linux/macOS use ":" instead)
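
A complete version of the demo with the substitutions above applied, as an added example (not the page's own code and not the Oracle document verbatim). The URL, krb5.conf path and cache name are assumed placeholders; the connection property constants follow the Oracle JDBC documentation linked above, and the query reports the session's authentication method so you can confirm that the login actually used Kerberos rather than a password.

```java
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

import oracle.jdbc.OracleConnection;
import oracle.jdbc.OracleDriver;
import oracle.net.ano.AnoServices;

public class KerberosJdbcDemo {

    // Assumed placeholders: replace with your own host, port and service name.
    static final String URL = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)"
            + "(HOST=oracleserver.mydomain.com)(PORT=5221))(CONNECT_DATA="
            + "(SERVICE_NAME=orcl)))";

    // Assumed path; on Windows use double backslashes, e.g. "C:\\Windows\\krb5.ini".
    // Set to null to let the JRE look in its default locations.
    static final String KRB5_CONF = "/home/Jdbc/Security/kerberos/krb5.conf";

    // null = use the OS-internal cache (the Windows LSA) instead of a file-based cache.
    static final String CC_NAME = null; // e.g. "/tmp/krb5cc_5088"

    public static void main(String[] args) throws SQLException {
        if (KRB5_CONF != null) {
            System.setProperty("java.security.krb5.conf", KRB5_CONF);
        }
        Properties prop = new Properties();
        // Tell the thin driver to authenticate with Kerberos 5 only (no password fallback).
        prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_SERVICES,
                "(" + AnoServices.AUTHENTICATION_KERBEROS5 + ")");
        // Mutual authentication: the client also verifies the database service's identity.
        prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_MUTUAL, "true");
        if (CC_NAME != null) {
            prop.setProperty(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB5_CC_NAME, CC_NAME);
        }
        // "Default user": no username/password; the ticket in the cache identifies the caller.
        try (Connection conn = new OracleDriver().connect(URL, prop);
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery("SELECT USER, SYS_CONTEXT('USERENV','AUTHENTICATION_METHOD') FROM DUAL")) {
            while (rs.next()) {
                System.out.println("Connected as " + rs.getString(1) + " via " + rs.getString(2));
            }
        }
    }
}
```

If the second column is not KERBEROS, the driver silently authenticated another way and the ticket was not used.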

You can put these -D settings in your sqldeveloper.conf (and start SQL Developer from sqldeveloper/bin) to get the same tracing/debugging output in SQL Developer.
(Currently (SQL Developer 18.3) the internal cache does not work with SQL Developer - you need an explicit file-based cache.)

(If you get ">>> Found no TGT's in LSA" you may need the registry setting mentioned above.)
You should see: ">>> Obtained TGT from LSA: Credentials:"

My Active Directory is not linked to my Oracle Database at the moment, so I could not check whether this ticket worked for database login.