plsqldeveloper kerberos authentication

S

sagizvi

Member²
Hi.

We've managed to setup oracle advanaced security with kerb authentication. When i enter to plsqldeveloper without user/password but only with SID, it works well.

But i still got few issues:

1. Logon history
The user/password@db entry isnt being kept in the logon history.

2. Domain Authentication - using okinit
When the end user wants to login into the DB from a machine that isn't part of the domain - they need to activate a tool called okinit in order to authenticate to the right domain and get a kerberos ticket.
Only later on they can login without user/pass. That is a normal behaviour of Oracle Client, but still I would prefer if you guys could add to the login screen an option to authenticate to the domain itself , instead of activating the okinit tool before activating plsqldeveloper.
 
sagizvi said:
1. Logon history
The user/password@db entry isnt being kept in the logon history.
Click to expand...
We'll check it out and will fix it.

sagizvi said:
2. Domain Authentication - using okinit
When the end user wants to login into the DB from a machine that isn't part of the domain - they need to activate a tool called okinit in order to authenticate to the right domain and get a kerberos ticket.
Only later on they can login without user/pass. That is a normal behaviour of Oracle Client, but still I would prefer if you guys could add to the login screen an option to authenticate to the domain itself , instead of activating the okinit tool before activating plsqldeveloper.
Click to expand...
I have added this to the list of enhancement requests.
 
in the meanwhile i can configure the okinit as a "tool configuration".
Our clients are using a network drive for plsql binaries and configuration. is there a way to configure okinit for all of the clients from this single network location?
 
Yes, this is possible. You can copy the corresponding [ExternalTools]
section from your user.prefs file to the Preferences\Default\user.prefs file on the server. This way all new users will get these tools by default. For existing users you will need to copy the tool definition to their existing user.prefs file.
 
this one:

sagizvi said:
2. Domain Authentication - using okinit
When the end user wants to login into the DB from a machine that isn't part of the domain - they need to activate a tool called okinit in order to authenticate to the right domain and get a kerberos ticket.
Only later on they can login without user/pass. That is a normal behaviour of Oracle Client, but still I would prefer if you guys could add to the login screen an option to authenticate to the domain itself , instead of activating the okinit tool before activating plsqldeveloper.
Click to expand...
I have added this to the list of enhancement requests.[/quote]
 
You must log in or register to reply here.

Similar threads

A
  • Discussion Discussion
ORA-28040: No matching authentication protocol
Replies
0
Views
3K
altink
A
M
  • Discussion Discussion
"A TLOBLocator instance requires OCI8 mode, but OCI7 mode is used" on query using Oracle 21c
Replies
1
Views
1K
Marco Kalter
Marco Kalter
G
  • Discussion Discussion
Memory leak when TOracleConnection.StatementCache=true
Replies
3
Views
1K
gc@siospa.it
G
F
  • Discussion Discussion
destructive behavior on workset.
Replies
2
Views
748
Gore
G
T
  • Discussion Discussion
New PC Multiple Oracle Clients Bad Config
Replies
6
Views
2K
fabrice
F
Back
Top