Toad connection through kerberos authentication

raul.kaubi · June 21, 2022, 6:26am

Hi

Toad 15.1.113.1379

I have sqlplus connection through windows command prompt working with kerberos.

PS C:\Users\raulk2> sqlplus.exe -s -L /@dbserver1.domain.com:1521/pdb2
SQL> show user;
USER is "RAULKAUBI"

Trying to achieve the same with toad, but it gives me "password required". I do not specify username when trying to connect.
I have also tried using "EXTERNAL" as username, but then it gives me that "invalid username/password"

Database client version 19 and database also 19.15

Regards
Raul

raul.kaubi · June 21, 2022, 10:30am

Aa, I fixed it. Seems like toad needs krb.ini file instead of krb.conf
Strange behaviour, since windows command line sqlplus manages this with krb5.conf as well.

Raul

RAMESH.UDVADIA · September 16, 2022, 5:43pm

hello Raul,

Can you please help me with this?

what is in krb.ini file?
where do you keep this krb.ini file? in Sqlnet.ora file?
how do I connect in toad without password? i.e. username@db_alias, etc.

all your help is appreciated

raul.kaubi · September 19, 2022, 7:57am

Put krb5.ini into your TNS_ADMIN directory - the very same where you have tnsnames.ora and sqlnet.ora files.

krb5.ini is kerberos configuration file.
krb5.ini is for windows (seems like toad needs .ini file). In unix or with sqlplus, krb5.conf file also works.

Also add this to your sqlnet.ora file.

SQLNET.KERBEROS5_CONF=C:\oracle\product\19.0.0\client_1\network\admin\krb5.ini

Regards
Raul

RAMESH.UDVADIA · September 19, 2022, 12:39pm

Thank you Raul for information.

What information goes in kerb5.ini ? some parameters?
is there a Oracle doc for this .ini file?

I do have krb5.conf in the ../network/admin directory.

raul.kaubi · September 19, 2022, 1:26pm

You can google that, try "oracle krb5.conf example".
There isn't much anything for krb5.ini
Just take krb5.conf and rename the extension to .ini for Toad.

For the content, rename "DOMAIN.COM" with your domain, and should be good to go (both upper and lowercase are required).

[libdefaults]
    default_realm = DOMAIN.COM
    clockskew = 6000
    passwd_check_s_address = false
    noaddresses = true
    forwardable = yes
[realms]
    DOMAIN.COM = {
        kdc = DOMAIN.COM:88
    }
[domain_realm]
    DOMAIN.COM = DOMAIN.COM
    .DOMAIN.COM = DOMAIN.COM
    domain.com = DOMAIN.COM
    .domain.com = DOMAIN.COM

Regards
Raul