Oracle 10g R2 on Linux with Kerberos 5 2005-11-09 - By Maimon Oded
Hi,

Well, I've managed to partially fix the problem: I've removed the principals and recreated them with only DES encryption. After that, okinit and sqlplus /@(protected) worked on the database server.

But when running it from a remote server/client (Linux and Windows), the okinit worked, but running sqlplus /@(protected) returns:

ERROR:
ORA-12638 (See ORA-12638.ora-code.com): Credential retrieval failed

The time between the machines is synchronized.

Anyone have any leads?

Regards,
Oded.

On 11/8/05, Maimon Oded <oded.maimon@(protected)> wrote:
>
> Hi all,
> I'm getting desperate..
>
> I have a working KDC on Linux (RH3-U5). I can authenticate to my other
> Linux machines with it, and I can run rsh and telnet with that KDC,
> so the KDC is working.
>
> I'm trying to configure Oracle 10gR2 (also on Linux) with it, but I guess
> I'm missing something very important.
> The OS kinit command is working, the Oracle okinit command is not working. I'm
> getting:
>
> [oracle@(protected) admin]$ okinit
>
> Kerberos Utilities for Linux: Version 10.2.0.1.0 - Production on 08-NOV-2005 15:31:34
>
> Copyright (c) 1996, 2004 Oracle. All rights reserved.
>
> Password for oracle@(protected):
> okinit: Password incorrect
> okinit: Decrypt integrity check failed
>
> My sqlnet.ora:
>
> NAMES.DIRECTORY_PATH= (TNSNAMES)
> SQLNET.AUTHENTICATION_SERVICES = (KERBEROS5)
> SQLNET.KERBEROS5_KEYTAB = /etc/krbora10g.keytab
> SQLNET.KERBEROS5_CONF = /etc/krb5.conf
> SQLNET.KERBEROS5_CONF_MIT = TRUE
> SQLNET.AUTHENTICATION_KERBEROS5_SERVICE = ora10g
> TRACE_LEVEL_CLIENT = SUPPORT
> TRACE_LEVEL_SERVER = SUPPORT
> TRACE_DIRECTORY_CLIENT = /tmp/clnt
> TRACE_DIRECTORY_SERVER = /tmp/srv
>
> The owner of /etc/krbora10g.keytab is oracle:dba.
>
> Running kinit, and then running "sqlplus /@(protected)" returns:
>
> SQL*Plus: Release 10.2.0.1.0 - Production on Tue Nov 8 15:46:02 2005
>
> Copyright (c) 1982, 2005, Oracle. All rights reserved.
>
> ERROR:
> ORA-12638 (See ORA-12638.ora-code.com): Credential retrieval failed
>
> pleaaaaasssssseee, HELP!
>
> Oded.
>