Task 10: Get An Initial Ticket For The Kerberos/Oracle User; Utilities For The Kerberos Authentication Adapter; Obtaining The Initial Ticket With The Okinit Utility; Options For The Okinit Utility - Oracle Database B10772-01 Administrator's Manual

Task 10: Get an Initial Ticket for the Kerberos/Oracle User

Before you can connect to the database, you must ask the Key Distribution Center
(KDC) for an
% okinit username
If, when making a database connection, a reference such as the following follows a
database link, you must use the forwardable flag (-f) option:
sqlplus /@oracle
Executing
Run the following commands on the Oracle client:
% okinit -f
Password for krbuser@SOMECO.COM:password

Utilities for the Kerberos Authentication Adapter

Three utilities are shipped with the Oracle Kerberos authentication adapter. These
utilities are intended for use on an Oracle client with Oracle Kerberos
authentication support installed. Use the following utilities for these specified tasks:

Obtaining the Initial Ticket with the okinit Utility

The
to obtain the ticket-granting ticket, using a password entered by the user to decrypt
the credential from the key distribution center (KDC). The ticket-granting ticket is
then stored in the user's credential cache.
The options available with
Table 6–1
Option
-f
initial ticket. To do so, run the following on the client:
enables credentials that can be used across database links.
okinit -f
Obtaining the Initial Ticket with the okinit Utility
Displaying Credentials with the oklist Utility
Removing Credentials from the Cache File with the okdstry Utility
utility obtains and caches Kerberos tickets. This utility is typically used
okinit

Options for the okinit Utility

Utilities for the Kerberos Authentication Adapter
are listed in Table
okinit
Description
Ask for a forwardable ticket-granting ticket. This option is
necessary to follow database links.
Configuring Kerberos Authentication 6-11
6–1: