Is Kerberos Authentication Supported for Use With OFSAA 8.x Installer
(Doc ID 2760638.1)
Last updated on MARCH 16, 2021
Applies to:Oracle Financial Services Analytical Applications Infrastructure - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
Oracle Financial Services Analytical Applications (OFSAA)
Oracle Financial Services Analytical Applications Infrastructure (OFSAAI)
Oracle Financial Services Profitability Management (PFT)
Oracle Financial Services Funds Transfer Pricing (FTP)
Oracle Financial Services Asset Liability Management (ALM)
Oracle Financial Services Enterprise Performance Management (EPM)
As part of the OFSAA installer, there is an expectation for the administrator to know and key-in the service account (su) password for the App Server. Here, there is a limitation where the service account password for the superuser is not shared with the application team or middleware as these users are active directory users and not local users. Currently, only have the ability to do a sudo into this user.
• The expectation to key in super user password is fair for multi-server architecture, but even for single server setup it is a mandate.
How justified is this ask for single server setup, as the ideal expectation would be for the installer to identify that the Web, App and DB server components of OFSAA are getting installed on the same server and to intelligently bypass it?
• In addition to the Linux superuser authentication, there is an additional Kerberos authentication that appears to be needed. Which functionalities are likely to get impaired if Kerberos authentication is not successful. Also based on what parameters is this prompt driven?
• If as a workaround, can SFTP private key be configured for the installation, would this also bypass the Kerberos authentication or would still prompt? Have tried this in 8.1 installation and it kept prompting for Kerberos despite the private key setup. Why was the Kerberos authentication not bypassed?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document