Does Oracle 11g JDBC Support Kerberos Cross-Realm Authentication?
(Doc ID 1498061.1)
Last updated on DECEMBER 19, 2022
Applies to:
JDBC - Version 11.1.0.6 to 11.2.0.3.0 [Release 11.1 to 11.2]Information in this document applies to any platform.
Goal
Does Oracle 11g JDBC Support Kerberos Cross-Realm Authentication?
When using JDBC 11.1.1.6.0, you can authenticate the user on same realm, however you can not authenticate users across realms, receiving the error:
java.sql.SQLException: Io exception: The service in process is not supported.
No valid credentials provided (Mechanism level: Message stream modified (41))
at oracle.jdbc.driver.SQLStateMapping.newSQLException(SQLStateMapping.java:74)
at oracle.jdbc.driver.DatabaseError.newSQLException(DatabaseError.java:110)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:171)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:227)
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:494)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:411)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:490)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:202)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:33)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:465)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
Further more when trying JDBC 11.2.0.3.0 driver the users can not authenticate even in the same realm, and the error received is:
Caused by: oracle.net.ns.NetException: The service in process is not supported.
at oracle.net.ano.AuthenticationService.h(Unknown Source)
at oracle.net.ano.Ano.negotiation(Unknown Source)
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:439)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1102)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:320)
... 36 more
Caused by: java.security.PrivilegedActionException: KrbException: EncryptedData
is encrypted using keytype RC4 with HMAC but decryption key is of type NULL
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Unknown Source)
... 41 more
Caused by: KrbException: EncryptedData is encrypted using keytype RC4 with HMAC
but decryption key is of type NULL
at sun.security.krb5.EncryptedData.decrypt(Unknown Source)
at oracle.net.ano.AuthenticationService.a(Unknown Source)
at oracle.net.ano.AuthenticationService.run(Unknown Source)
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |