yorda9

Reputation: 1

Kerberos kvno number different for all Oracle RAC nodes

We're trying to set up Oracle authentication via Microsoft AD, and there are some issues with kvno.

For example, for a 4 node cluster, each keytab file has a different kvno:

KVNO Principal
---- --------------------------------------------------------------------------
12 ORACLE/NODE1@xxxxxx
---- --------------------------------------------------------------------------
13 ORACLE/NODE2@xxxxxx
---- --------------------------------------------------------------------------
14 ORACLE/NODE3@xxxxxx
---- --------------------------------------------------------------------------
15 ORACLE/NODE4@xxxxxx


[oracle@teste]$ kvno ORACLE/NODE1@xxxxxx
ORACLE/NODE1@xxxxxx: kvno = 15
[oracle@teste]$ kvno ORACLE/NODE2@xxxxxx
ORACLE/NODE2@xxxxxx: kvno = 15
[oracle@teste]$ kvno ORACLE/NODE3@xxxxxx
ORACLE/NODE3@xxxxxx: kvno = 15
[oracle@teste]$ kvno ORACLE/NODE4@xxxxxx
ORACLE/NODE4@xxxxxx: kvno = 15

NODE4 is the only one that matches nr 15.

I don't know how the keytab is being generated on AD, because that's a different team; they send the files to us, but the command that is being used is like this:

ktpass -princ ORACLE/NODE1@xxxxxx -mapUser username -pass -crypto ALL -ptype KRB5_NT_PRINCIPAL -out c:\name.keytab

The question is, what should we do to have the same kvno on all keytab files?

Thanks.

Upvotes: 0

Views: 254

Answers (1)

SashaN

Reputation: 689

I don't have access to Windows at the moment to try that out. However, it looks like there is a -kvno option for the ktpass command. This is what MS writes about ktpass; however, I'm not sure if it will help you.

Upvotes: 0
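
An added example, not part of the original question or answer: a small check that compares the KVNO stored in each keytab with the KVNO the KDC reports, using the two outputs posted in the question as input. The function names are hypothetical, and the parser assumes rows of the form `KVNO Principal` (plain `klist -k`, optionally with a trailing enctype column).

```python
import re

# Keytab listing and `kvno` output copied from the question above
# (the realm is already redacted there as "xxxxxx").
KEYTAB_LISTING = """\
KVNO Principal
---- --------------------------------------------------------------------------
12 ORACLE/NODE1@xxxxxx
---- --------------------------------------------------------------------------
13 ORACLE/NODE2@xxxxxx
---- --------------------------------------------------------------------------
14 ORACLE/NODE3@xxxxxx
---- --------------------------------------------------------------------------
15 ORACLE/NODE4@xxxxxx
"""
KDC_OUTPUT = """\
ORACLE/NODE1@xxxxxx: kvno = 15
ORACLE/NODE2@xxxxxx: kvno = 15
ORACLE/NODE3@xxxxxx: kvno = 15
ORACLE/NODE4@xxxxxx: kvno = 15
"""

def parse_keytab_listing(text):
    """Map principal -> highest KVNO found in the keytab listing rows."""
    found = {}
    for line in text.splitlines():
        # Header and "----" separator rows do not start with a number.
        m = re.match(r"\s*(\d+)\s+(\S+@\S+)", line)
        if m:
            kvno, principal = int(m.group(1)), m.group(2)
            found[principal] = max(kvno, found.get(principal, 0))
    return found

def parse_kvno_output(text):
    """Map principal -> KVNO reported by the KDC in `kvno <principal>` lines."""
    return {m.group(1): int(m.group(2))
            for m in re.finditer(r"^(\S+@\S+): kvno = (\d+)$", text, re.M)}

def stale_keytab_entries(keytab_text, kdc_text):
    """Return {principal: (keytab_kvno, kdc_kvno)} where the two disagree."""
    keytab = parse_keytab_listing(keytab_text)
    kdc = parse_kvno_output(kdc_text)
    return {p: (keytab.get(p), k) for p, k in sorted(kdc.items())
            if keytab.get(p) != k}

if __name__ == "__main__":
    for princ, (have, want) in stale_keytab_entries(KEYTAB_LISTING, KDC_OUTPUT).items():
        print(f"{princ}: keytab kvno {have}, KDC kvno {want} (mismatch)")
```

Run against the posted output, it flags NODE1, NODE2 and NODE3 and leaves NODE4 unreported.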
