During installation, the following files required for Kerberos authentication are installed in the /lib subdirectory of your product installation directory:
krb5.conf is a Kerberos configuration file containing values for the Kerberos realm and the KDC name for that realm. A generic file is installed that you must modify for your environment.
JDBCDriverLogin.conf file is a Java Authentication and Authorization Service (JAAS) login module for Kerberos authentication. This file is configured to load automatically unless the java.security.auth.login.config system property is set to load another configuration file.
Note: Do not modify the JDBCDriverLogin.conf file.
To configure the driver:
1. Set the driver’s AuthenticationMethod property to auto (default) or kerberos. See Using the AuthenticationMethod Property for more information about setting a value for this property.
2. Modify the krb5.conf file to contain your Kerberos realm name and the KDC name for that Kerberos realm by editing the file with a text editor or by specifying the system properties, java.security.krb5.realm and java.security.krb5.kdc.
Note: In Windows Active Directory, the Kerberos realm name is the Windows domain name and the KDC name is the Windows domain controller name.
For example, if your Kerberos realm name is XYZ.COM and your KDC name is kdc1, your krb5.conf file would look like this:
If the krb5.conf file does not contain a valid Kerberos realm and KDC name, the following exception is thrown:
Message:[DataDirect][Oracle JDBC Driver]Could not establish a connection using integrated security: No valid credentials provided
The krb5.conf file is configured to load automatically unless the java.security.krb5.conf system property is set to point to another Kerberos configuration file.
3. If using Kerberos authentication with a Security Manager on a Java 2 Platform, you must grant security permissions to the application and driver. See Permissions for Kerberos Authentication for an example.