Corporation Network Router User Manual
Enabling Kerberos Authentication
6-4 Oracle Database Advanced Security Administrator's Guide
1.
Enter the following to extract the service table:
kadmin.local: ktadd -k /tmp/keytab oracle/dbserver.someco.com
Entry for principal oracle/dbserver.someco.com with kvno 2, encryption
DES-CBC-CRC added to the keytab WRFILE: 'WRFILE:/tmp/keytab
kadmin.local: exit
oklist -k -t /tmp/keytab
2. After the service table has been extracted, verify that the new entries are in the
table in addition to the old ones. If they are not, or you need to add more, use
kadmin.local to append to them.
If you do not enter a realm when using ktadd, it uses the realm of the current
host and displays it in the command output, as shown in Step 1.
3. If the Kerberos service table is on the same system as the Kerberos client, you
can move it. If the service table is on a different system from the Kerberos client,
you must transfer the file with a program such as FTP. If using FTP, transfer the
file in binary mode.
The following example shows how to move the service table on a UNIX
platform:
# mv /tmp/keytab /etc/v5srvtab
The default name of the service file is /etc/v5srvtab.
4. Verify that the owner of the Oracle database server executable can read the
service table (/etc/v5srvtab in the previous example). To do so, set the file
owner to the Oracle user, or make the file readable by the group to which
Oracle belongs.
Task 4: Install an Oracle Database Server and an Oracle Client
Install the Oracle database server and client software.
Caution: Do not make the file readable to all users. This can cause
a security breach.
See Also: Oracle Database operating system-specific installation
documentation