Corporation Network Router User Manual

Configuring Kerberos Authentication
Task 10: Get an Initial Ticket for the Kerberos/Oracle User
Before you can connect to the database, you must ask the Key Distribution Center
(KDC) for an initial ticket. To do so, run the following on the client:
% okinit username
If a database connection made with a reference such as the following goes on to
follow a database link, you must use the forwardable flag (-f) option:
sqlplus /@oracle
Executing okinit -f enables credentials that can be used across database links.
Run the following commands on the Oracle client:
% okinit -f
Password for krbuser@SOMECO.COM:password
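A pre-flight check for the step above, as an added example that is not part of the original manual and is not Oracle code: it reads a credential listing and reports whether the ticket-granting ticket is forwardable, so a missing -f is caught before a connection tries to follow a database link. The listing layout (a principal line followed by a "Flags:" line, with F meaning forwardable), the use of oklist -f to produce it, the function names and the sample data are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle code): report whether the cached ticket-granting
# ticket (TGT) is forwardable, reading a credential listing on stdin.
# ASSUMPTION: each credential is listed as a line naming the service
# principal followed by a "Flags: <letters>" line, where F = forwardable.
# Typical use on a client (assumes oklist -f prints that layout):
#   oklist -f | tgt_is_forwardable && sqlplus /@oracle

# Print "tgt:<letters>" for the first krbtgt/ entry that has a Flags line.
tgt_flags() {
    awk '
        /krbtgt\//            { in_tgt = 1; next }   # TGT principal line
        in_tgt && /^ *Flags:/ { sub(/^ *Flags: */, ""); print "tgt:" $0; exit }
        in_tgt && /@/         { in_tgt = 0 }         # next principal: entry over
    '
}

# Exit 0: TGT is forwardable. 1: TGT is not. 2: no TGT flags in the listing.
tgt_is_forwardable() {
    flags=$(tgt_flags)
    case $flags in
        '')      return 2 ;;
        tgt:*F*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Constructed sample listings (dates and layout are illustrative).
SAMPLE_FORWARDABLE='01-Jan-2024 09:00:00  01-Jan-2024 17:00:00
krbtgt/SOMECO.COM@SOMECO.COM
Flags: FI'
SAMPLE_PLAIN='01-Jan-2024 09:00:00  01-Jan-2024 17:00:00
krbtgt/SOMECO.COM@SOMECO.COM
Flags: I'

# Demo on the constructed samples.
for sample in "$SAMPLE_FORWARDABLE" "$SAMPLE_PLAIN"; do
    if printf '%s\n' "$sample" | tgt_is_forwardable; then
        echo "forwardable: database links can reuse this ticket"
    else
        echo "not forwardable: run okinit -f before following a database link"
    fi
done
```

Because a forwardable ticket can be reused on other hosts, the same check also shows which client sessions hold one when no database link requires it.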
Utilities for the Kerberos Authentication Adapter
Three utilities are shipped with the Oracle Kerberos authentication adapter. These
utilities are intended for use on an Oracle client with Oracle Kerberos
authentication support installed. Use the following utilities for these specified tasks:
Obtaining the Initial Ticket with the okinit Utility
Displaying Credentials with the oklist Utility
Removing Credentials from the Cache File with the okdstry Utility
Obtaining the Initial Ticket with the okinit Utility
The okinit utility obtains and caches Kerberos tickets. This utility is typically used
to obtain the ticket-granting ticket, using a password entered by the user to decrypt
the credential from the key distribution center (KDC). The ticket-granting ticket is
then stored in the user's credential cache.
The options available with okinit are listed in Table 6–1:
Table 6–1 Options for the okinit Utility
Option   Description
-f       Ask for a forwardable ticket-granting ticket. This option is necessary to follow database links.