Does Oracle 11g JDBC Support Kerberos Cross-Realm Authentication? (Doc ID 1498061.1)

Last updated on JULY 31, 2017

Applies to:

JDBC - Version 11.1.0.6 to 11.2.0.3.0 [Release 11.1 to 11.2]
Information in this document applies to any platform.

Goal

Does Oracle 11g JDBC Support Kerberos Cross-Realm Authentication?

When using JDBC 11.1.1.6.0, you can authenticate the user on same realm, however you can not authenticate users across realms, receiving the error:

java.sql.SQLException: Io exception: The service in process is not supported.
No valid credentials provided (Mechanism level: Message stream modified (41))
       at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:74)
       at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:110)
       at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:171)
       at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:227)
       at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:494)
       at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:411)
       at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:490)
       at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:202)
       at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:33)
       at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:465)
       at java.sql.DriverManager.getConnection(Unknown Source)
       at java.sql.DriverManager.getConnection(Unknown Source) 

 

Further more when trying JDBC 11.2.0.3.0 driver the users can not authenticate even in the same realm, and the error received is:

Caused by: oracle.net.ns.NetException: The service in process is not supported.
       at oracle.net.ano.AuthenticationService.h(Unknown Source)
       at oracle.net.ano.Ano.negotiation(Unknown Source)
       at oracle.net.ns.NSProtocol.connect(NSProtocol.java:439)
       at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1102)
       at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:320)
       ... 36 more
Caused by: java.security.PrivilegedActionException: KrbException: EncryptedData
is encrypted using keytype RC4 with HMAC but decryption key is of type NULL
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.Subject.doAs(Unknown Source)
       ... 41 more
Caused by: KrbException: EncryptedData is encrypted using keytype RC4 with HMAC
but decryption key is of type NULL
       at sun.security.krb5.EncryptedData.decrypt(Unknown Source)
       at oracle.net.ano.AuthenticationService.a(Unknown Source)
       at oracle.net.ano.AuthenticationService.run(Unknown Source)

 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms