My Oracle Support Banner

How to configure Kerberos and SSSD-KCM in Exadata compute nodes and cells (Doc ID 2948255.1)

Last updated on FEBRUARY 23, 2024

Applies to:

Oracle Exadata Storage Server Software - Version and later
Linux x86-64


Beginning with, Exadata introduces full support for Kerberos / SSSD-KCM configuration and usage across all server environments (storage servers, database bare metal, Dom0/DomU, KVM Host/Guest). Exadata compute nodes and cells can request Kerberos tickets to an external KDC (Key Distribution Center) and cache those credentials using SSSD (System Security Services Daemon) KCM (Kerberos Cache Manager). These features are supported at the operating system level.

The purpose of this note is to provide a general guide on how to configure these protocols and services, in order to get an Exadata node working as a Kerberos client.


All the content in this note is intended to system administrators, who are allowed to modify configuration files and system units (such as services and sockets).

For this configuration to be successful, the following technical requirements must be met:


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 Best practices
 Document notation
 Pre configuration step
 Customizing Kerberos
 Enabling SSSD-KCM caching
 Using Kerberos tickets for service authentication
 Kerberos and SSSD- KCM software updates
 Kerberos and SSSD software updates

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.