Toad World® Forums

Issue Login into Oracle DB from Toad

I am using Kerbose authentication, its working fine on SQLPLUS and SQL Developer but not in TOAD, its giving error “ORA-01017: invalid username/password; logon denied”

Toad Version: 12.8 and Oracle :


SQLNET.KERBEROS5_CC_NAME=OSMSFT:// /* When I enable this I am getting “okdstry: OSD error” */
SQLNET.AUTHENTICATION_SERVICES=(kerberos5pre,kerberos5,beq,none) # Allow Kerberos5 as authentication method

Try putting EXTERNAL in the username field and leave the password blank

wow, you saved my day. Thank you very much, its working now in Toad also.

If I want to use another user, apart from my windows login ID?

Another user id going through Kerberos? I’m not sure. Log into windows as that user and specify EXTERNAL with a blank password, I guess.

Another user ID not going through Kerberos? Enter the username and password in Toad.

If its Oracle user then I can give user name and password, which is working.

EXTERNAL is working, which is taking my windows login.

Another user ID is also going through Kerberos, which is not windows login and not oracle login, its another windows account.

How do you login to the other user ID using SQL*Plus? Do you just specify user and password like normal?

John, I’m having a login issue as well - albeit it has to do with saving the passwords. Could any of this help my issue in any way?

Here’s my link:…/27375



in SQLPLUS I sue sqlplus /@username (user name can be same as windows login or another Username)

In SQL Developer I use user name and password, select Kerbose authentication

@Tharakesh -

Sorry for the delay. I think it will work if you put the username in brackets like [USERNAME]. Leave the password blank. If that doesn’t work in 12.8, it should work in the beta. Edit: That will work only in the beta. It was added at the very beginning of the 12.9 beta cycle.

@Donald.Wilson -

I don’t think this is related to your password problem. Judging by the messages on the other thread, it looks like you got it straightened out. Let me know if not.

Hi John,

I have tried putting the username in brackets like [USERNAME] on 12.8 and 12.9 Beta version, both times its saying Invalid User name or password. Same error I use to get when I don’t use EXTERNAL.

For testing I have also tried logged in user name putting brackets, this time also I got same error. This user able to login if I use only EXTERNAL.

if it is your windows user id then blank or EXTERNAL is what you want. [USERNAME] or EXTERNAL[USERNAME] has worked for others when they want to log in as a proxy user through Kerberos. You will need to have at least an Oracle client and server version of 10.2 or newer for that to work. Is this a proxy connection that you are trying to make or something else?

I have user names A and B

A is my windows account, so when I use only EXTERNAL in Toad with blank pass I am able to login.

My requirement is to Login with B, so I used EXTERNAL[B] with blank pass, its asking for password, after typing password its saying Invalid Username or password.

I don’t have Kerberos here, but to test it I use OS Authentication, which seems to work the same way as far as the database goes. I’ll describe my set up and hopefully it will help you understand what’s going on.

So my windows user in the database ends up being “OPS$PROD\JDORLON” (and I can log in as blank or EXTERNAL with this, without knowing the password). This is your user A.

Now, if I go into the Schema Browser, change object type to USERS, and click on user B in the list, then on the right, on the Proxies tab, I’ll see OPS$PROD\JDORLON. That was set up with this command:

ALTER USER B grant connect through “OPS$PROD\JDORLON”;

WIth Toad 12.8, if I try to connect EXTERNAL[B] (with a blank password), then what happens is exactly as you describe above - it prompts for password, and whatever I type in, I get an “invalid password” message.

But with Toad 12.9, logging in with EXTERNAL[B] (with blank password) works. I don’t get any prompt at all - it just connects. I don’t need to know B’s password because of the proxy grant.

Perfect, this is what I am looking for. Thank you very much John Dorlon and Gregory Liss.

You’re welcome. I’m glad I could help.