Configure Oracle such that a Windows client can connect to a Linux Oracle server without a password

kerberos oracle oracle-11g

I am attempting to configure Kerberos authentication to an Oracle 11.2 database from a Windows client. The goal is to have an IIS Application Pool connect to the DB via its service account credentials without having to store a password in the connection string.

Environment information:

  • Windows 2008R2 Active Directory
  • Oracle 11.2 DB on Linux AIX host
  • Windows 2008R2x64 Client PCs
    • Using Oracle ODAC .NET driver to connect to DB via IIS Application Pool

Is this feasible? I've seen several posts that indicate it is, but I am unable to get even sqldeveloper to authenticate with Kerberos from both the DB server itself and the Windows client.

I am able to retrieve a Kerberos ticket on the DB server (okinit works).

When I attempt to connect in sqldeveloper on the DB server, I get a password prompt in the UI, which closes as if the password was accepted, but nothing opens afterwards. Attempting to expand the DB node results in another password prompt that behaves similarly (no error, just goes away with no additional UI).

I fear if I cannot even get sqldeveloper to work, there is little hope for ODAC.

Best Answer

Kerberos is way too complicated for this task, I would not bother with it.

ODAC supports using a Secure External Password Store:

Using Secure External Password Store

You can point to the wallet location in your configuration in the settings section.

An example:

https://dbaportal.eu/2015/11/26/odac-12c-release-4-odp-net-managed-driver-with-oracle-wallet-gotcha/
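
The wallet setup the answer refers to, as an added example that is not part of the original answer or of Oracle's documentation. All paths, the TNS alias and the account names are placeholders; it assumes `mkstore` from an Oracle client installation is on the PATH, the shell is elevated, and the client reads `sqlnet.ora` from the directory in `$tnsAdmin`.

```powershell
# Added example: every value below is a placeholder, not taken from the post.
$walletDir  = 'C:\oracle\wallet'          # hypothetical wallet directory
$tnsAdmin   = 'C:\oracle\network\admin'   # hypothetical TNS_ADMIN directory
$tnsAlias   = 'APPDB'                     # hypothetical alias already in tnsnames.ora
$dbUser     = 'app_user'                  # hypothetical database account
$svcAccount = 'CONTOSO\svc_webapp'        # hypothetical IIS application pool identity

# 1. Create the directory and lock it down before any secret is written.
#    The auto-login wallet (cwallet.sso) opens without a password, so whoever
#    can read the file can use the stored credential. Only the pool identity
#    (read) and administrators (full) keep access; inherited ACEs are removed.
New-Item -ItemType Directory -Path $walletDir -Force | Out-Null
& icacls $walletDir /inheritance:r /grant:r `
    "${svcAccount}:(OI)(CI)R" 'BUILTIN\Administrators:(OI)(CI)F'

# 2. Create the wallet and store the credential for the alias.
#    mkstore prompts for the wallet password and the database password,
#    so neither ends up on the command line or in shell history.
& mkstore -wrl $walletDir -create
& mkstore -wrl $walletDir -createCredential $tnsAlias $dbUser

# 3. Point the Oracle client at the wallet and let it override other
#    authentication for aliases that have a stored credential.
$sqlnet = @"
WALLET_LOCATION =
  (SOURCE = (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = $walletDir)))
SQLNET.WALLET_OVERRIDE = TRUE
"@
Add-Content -Path (Join-Path $tnsAdmin 'sqlnet.ora') -Value $sqlnet -Encoding Ascii

# 4. Confirm the alias is stored (lists aliases and user names, not passwords).
& mkstore -wrl $walletDir -listCredential

# 5. The application's connection string then carries no password:
#    "/" as the user id tells the client to look the credential up in the wallet.
$connectionString = "User Id=/;Data Source=$tnsAlias"
$connectionString
```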