1

I am attempting to configure Kerberos authentication to an Oracle 11.2 database from a Windows client. The goal is to have an IIS Application Pool connect to the DB via its service account credentials without having to store a password in the connection string.

Environment information:

  • Windows 2008R2 Active Directory
  • Oracle 11.2 DB on Linux AIX host
  • Windows 2008R2x64 Client PCs
    • Using Oracle ODAC .NET driver to connect to DB via IIS Application Pool

Is this feasible? I've seen several posts that indicate it is, but I am unable to get even sqldeveloper to authenticate with Kerberos from both the DB server itself and the Windows client.

I am able to retrieve a Kerberos ticket on the DB server (okinit works).

When I attempt to connect in sqldeveloper on the DB server, I get a password prompt in the UI, which closes as if the password was accepted, but nothing opens afterwards. Attempting to expand the DB node results in another password prompt that behaves similarly (no error, just goes away with no additional UI).

I fear if I cannot even get sqldeveloper to work, there is little hope for ODAC.

asked Feb 17, 2017 at 22:58

1 Answer

1

Kerberos is way too complicated for this task, I would not bother with it.

ODAC supports using a Secure External Password Store:

Using Secure External Password Store

You can point to the wallet location in your configuration in the settings section.

An example:

https://dbaportal.eu/2015/11/26/odac-12c-release-4-odp-net-managed-driver-with-oracle-wallet-gotcha/

answered Feb 18, 2017 at 0:19
2
  • After reading the dbaportal link provided, my first concern is the disclaimer that the 64-bit driver doesn't work (the application in question is 64-bit). I'll play around with this and see if it is an option. Commented Feb 18, 2017 at 22:28
  • Oracle wallet appears to work with the 64-bit driver. I'll leave the question open a bit longer in case someone chimes in with an alternative answer that doesn't involve exposing the password (Oracle wallet technically still requires a password, it's just in a separate file and not the application configuration file). Commented Feb 20, 2017 at 23:36
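
The wallet setup the answer refers to, sketched as an added example (not code from the original answer, the linked post, or Oracle). It includes the file-permission step that the last comment's concern calls for, since the wallet still holds the password. All paths, the TNS alias, the database user and the service account name are placeholders, and it assumes `mkstore` from the Oracle client is on the PATH and the driver reads `sqlnet.ora` from `$tnsAdmin`.

```powershell
# Added example: every path, alias and account name below is a placeholder.
$walletDir = 'C:\oracle\wallet'          # assumed wallet directory
$tnsAdmin  = 'C:\oracle\network\admin'   # assumed directory holding sqlnet.ora and tnsnames.ora
$tnsAlias  = 'APPDB'                     # assumed alias already defined in tnsnames.ora
$dbUser    = 'app_user'                  # assumed database account
$poolAcct  = 'EXAMPLE\svc-apppool'       # assumed IIS application pool service account

# 1. Create the wallet and store the credential for the alias.
#    mkstore prompts for the wallet password and the database password,
#    so neither appears in this script or in command history.
New-Item -ItemType Directory -Path $walletDir -Force | Out-Null
mkstore -wrl $walletDir -create
mkstore -wrl $walletDir -createCredential $tnsAlias $dbUser

# 2. Point Oracle Net at the wallet and let it supply the credential.
#    Add-Content appends, so an existing sqlnet.ora is not overwritten.
$sqlnet = @"
WALLET_LOCATION = (SOURCE = (METHOD = FILE)(METHOD_DATA = (DIRECTORY = $walletDir)))
SQLNET.WALLET_OVERRIDE = TRUE
"@
Add-Content -Path (Join-Path $tnsAdmin 'sqlnet.ora') -Value $sqlnet -Encoding ASCII

# 3. The auto-login wallet file (cwallet.sso) opens without a password,
#    so anyone who can read it can use the stored credential. Remove
#    inherited permissions and grant read access only to the app pool
#    account, with full control for administrators.
icacls $walletDir /inheritance:r `
    /grant:r "${poolAcct}:(OI)(CI)R" "BUILTIN\Administrators:(OI)(CI)F"

# 4. Confirm what is stored (shows alias and user name, not the password)
#    and review the resulting ACL.
mkstore -wrl $walletDir -listCredential
icacls $walletDir

# 5. The application's connection string then carries no user name or
#    password; "/" tells the driver to take the credential from the wallet.
$connectionString = "Data Source=$tnsAlias;User Id=/;"
Write-Output $connectionString
```

Run this from an elevated prompt on the web server, and run the application pool under the same account that was granted read access to the wallet directory.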
