Hi,
I really liked the presentation and it really helped. Thank you very much for your time Russ Lowenthal.
Thanks Russ. Great video.
Russ, we have Kerberos set up for our users, but could you make a video on how to set up authentication for a service account without using a password? STIG requirements are saying we should use a certificate. I don't see any tutorials on this. Thanks.
Hi Sir, is there a way to hide the diff in the connection string between /@ to /@ ? You know, some type of wrapping up existing software?
Danny - no way that I know of. It would have to be something at the OS level. We can hide the alias pretty easily just by updating tnsnames.ora, but the change from username/password to just / is pretty hard to obfuscate.
Hello Sir, This video is really helpful. I have one question on DB links. As we are creating a Kerberos Oracle user, if I would like to create a DB link between two Oracle users which are Kerberos authenticated, then how can we do that, because a DB link requires a password? Please help.
Hi Sir, when we use okdstry we are getting No credentials cache file found
okdstry -old
Kerberos Utilities for Linux: Version 12.2.0.1.0 - Production on 13-NOV-2020 06:42:01
Copyright (c) 1996, 2016 Oracle. All rights reserved.
okdstry: Credential cache /tmp/krb5cc_10010 not found.
okdstry: No credentials cache file found
Could you please help me with this if you have any thoughts?
What does oklist show? If there are no credentials listed when you run oklist, then there is nothing to destroy. Also, if you are using an in-memory cache (OSMSFT:// or MSLSA:) then Oracle utilities cannot destroy those credentials because they are managed by the OS.
"ktpass -princ ORACLE/.@......."
Does it mean I need to create a separate keytab file for each database instance?
Let's say I have multiple RAC databases. So does each instance of all the RAC clusters need a separate keytab file?
Raul