Oracle Database B10772-01 Administrator's Manual page 156

Enabling Kerberos Authentication
Step 2: Set the Initialization Parameters
To set parameters in the initialization parameter file:
1.
2.
Step 3: Set sqlnet.ora Parameters (optional)
In addition to the required parameters, you can optionally set the following
parameters in the
Parameter:
Description:
Example:
6-8 Oracle Database Advanced Security Administrator's Guide
The file is updated with the following entries:
sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES=(KERBEROS5)
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=kservice
Add the following parameter to the initialization parameter file:
REMOTE_OS_AUTHENT=FALSE
Setting REMOTE_OS_AUTHENT to TRUE can enable a
Caution:
security breach, because it lets someone using a non-secure
protocol, such as TCP, perform an operating system-authorized
login (formerly called an OPS$ login).
Because Kerberos user names can be long, and Oracle user names are limited to
30 characters, Oracle Corporation strongly recommends that you set the value
of OS_AUTHENT_PREFIX to null as follows:
OS_AUTHENT_PREFIX=""
Setting this parameter to null overrides the default value of OPS$.
sqlnet.ora
SQLNET.KERBEROS5_CC_NAME=pathname_to_
credentials_cache_file
Specifies the complete path name to the Kerberos credentials
cache (CC) file. The default value is operating
system-dependent. For UNIX, it is
You can also set this parameter by using the KRB5CCNAME
environment variable, but the value set in the
takes precedence over the value set in KRB5CCNAME.
SQLNET.KERBEROS5_CC_NAME=/usr/tmp/krbcache
file on the client and the Oracle database server:
/tmp/krb5cc_userid
sqlnet.ora
.
file