ORA-12638 When Using Password Authenticated Database Links Between Databases Configured For Kerberos Authentication
Last updated on NOVEMBER 21, 2017
Applies to:Advanced Networking Option - Version 220.127.116.11 to 18.104.22.168 [Release 11.2]
Information in this document applies to any platform.
When using a normal password authenticated database link between databases which have been configured to allow Kerberos authentication, then this can fail with ORA-12638.
This applies both where the session using the database link is password authenticated, and also where they are kerberos authenticated.
In the alert.log of the database you will observe errors similar to this:
TNS for Linux: Version 22.214.171.124.0 - Production
Oracle Bequeath NT Protocol Adapter for Linux: Version 126.96.36.199.0 - Production
TCP/IP NT Protocol Adapter for Linux: Version 188.8.131.52.0 - Production
Time: 29-APR-2015 16:56:05
Tracing not turned on.
Tns error struct:
ns main err code: 12638
TNS-12638: Credential retrieval failed
ns secondary err code: 0
nt main err code: 0
nt secondary err code: 0
nt OS err code: 0
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms