Manualshelf

Corporation Network Router User Manual

ManualsBrandsOracle ManualsNetwork RouterOracle Database B10772-01
331332333334335336337338339340
Configuring Enterprise User Security for Kerberos Authentication
12-20 Oracle Database Advanced Security Administrator's Guide
Kerberos Principal Name, User Search Base, and Group Search Base Identity
Management Realm Attributes" on page 13-5.
Task 3: Specify the Enterprise User's Kerberos Principal Name in the krbPrincipalName
Attribute
Use Enterprise Security Manager Console to specify the enterprise user's Kerberos
principal name (Kerberos_username@Kerberos_realm) in the
krbPrincipalName attribute of the enterprise user's directory entry. For more
information about this task, see "Creating New Enterprise Users" on page 13-9.
Task 4: (Optional) Enable the Enterprise Domain to Accept Kerberos Authentication
By default, the OracleDefaultDomain is configured to accept all types of
authentication. If this has been changed, or you are using another domain then use
Enterprise Security Manager to enable Kerberos authentication for your enterprise
domain by using the following steps:
1. Select the enterprise domain in the navigator pane.
2. Choose the Databases tabbed window and select Kerberos or All Types from
the User Authentication methods listed.
3. Click Apply.
For more information about this task, see "Managing Database Security Options for
an Enterprise Domain" on page 13-19.
Task 5: Connect as a Kerberos-Authenticated Enterprise User
If the KDC is not part of the operating system, such as Kerberos V5 from MIT, then
the user must get an initial ticket with the FORWARDABLE flag set by using the
okinit utility. See "Obtaining the Initial Ticket with the okinit Utility" on page 6-11.
Note: By default, Enterprise Security Manager Console user
interface does not display the field where you can configure
Kerberos principal names. The first time you create
Kerberos-authenticated users in the directory, you must configure
the console to display the krbPrincipalName attribute in its
CreateUser window. See "ConfiguringEnterprise SecurityManager
Console for Kerberos-Authenticated Enterprise Users" on page 2-24
for details.