How to configure Kerberos and SSSD-KCM in Exadata compute nodes and cells
(Doc ID 2948255.1)
Last updated on FEBRUARY 23, 2024
Applies to:
Oracle Exadata Storage Server Software - Version 23.1.2.0.0 and later Linux x86-64
Purpose
Beginning with 23.1.2.0.0, Exadata introduces full support for Kerberos / SSSD-KCM configuration and usage across all server environments (storage servers, database bare metal, Dom0/DomU, KVM Host/Guest). Exadata compute nodes and cells can request Kerberos tickets from an external KDC (Key Distribution Center) and cache those credentials using the SSSD (System Security Services Daemon) KCM (Kerberos Cache Manager). These features are supported at the operating system level.
The purpose of this note is to provide a general guide on how to configure these protocols and services, in order to get an Exadata node working as a Kerberos client.
Scope
All the content in this note is intended for system administrators who are allowed to modify configuration files and system units (such as services and sockets).
For this configuration to be successful, the following technical requirements must be met:
An external KDC must have been configured to generate and provide Kerberos authentication tickets.
A Kerberos realm must be configured in the KDC.
The proper Kerberos principals must have been created in the KDC and added to the KDC central database.
The KDC server must be reachable over the network. Proper DNS and routing configurations must have been made.
Details