how to setup datagrip 2019 connect to oracle with Kerberos authentication
Answered
Is there example to set up datagrip 2019 connecting to oracle with Kerberos authentication? how to specify path for krb5.conf and credential cache file? thanks.
Please sign in to leave a comment.
@Nanjun
There is a good guidance https://querysurge.zendesk.com/hc/en-us/articles/115005269006-Setting-up-an-Oracle-Connection-with-Kerberos-for-Agents-on-Linux-
Use -Djava.security.krb5.conf to specify path to your config:
Note that you can put command-line options in your data source advanced tab VM options
thanks Vasily!
I am running DataGrip in Windows. Could you also let me know how to set up for below?
1. credential cache file: it is created by kinit and saved in c:\users[my_id]\krb5cc_[my_id]
2. specify location of sqlnet.ora
3. tnsnames.ora is saved in my H:/TNSNAMES. Should I config anything in the "General" tab?
Can someone help with above questions? thanks
Did something like this few days back. (LDAP auth group)
In my case I had the sqlnet.ora to point at the krb5.conf. So I did not need VM options.
The 'Thin' Driver did not work for me (probably not supporting kerberos)
Switch to 'OCI' instead.
My SQLNET.ORA had following properties (doc ref here https://docs.oracle.com/cd/B28359_01/network.111/b28530/asokerb.htm)
SQLNET.KERBEROS5_CC_NAME=XXX
SQLNET.KERBEROS5_CONF_MIT=False (probably)
SQLNET.KERBEROS5_CONF=<file_path>
SQLNET.AUTHENTICATION_SERVICES=(KERBEROS5, KERBEROS5PRE)
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=<service_name_provided_by_it_support>
AND One more setting I cannot remember
vasily chernov, I configured the VM options followed your instruction but still not able to connect to the DB using Kerberos. I keep getting "The specified database user/password combination is rejected: [72000][1017] ORA-01017: invalid username/password; logon denied" error with the credentials prompt. However, I have no problem connecting to the DB using Kerberos in SQL Developer. Could you please help?
Is it possible for you to post your datagrip settings ?
Are you using thin driver or oci driver. Kerberos does not work with thin driver
@...
Had to redact some information but this is my config in DataGrip. I do use thin driver, which is the same as what I used in SQL Developer. However, I have tried using OCI thick driver and I got a different error "no ocijdbc12 in java.library.path"
Thin driver never worked for me.
Once you switch drivers to OCI, it gives a warning saying drivers are unavailable. Click that to install it.
Then it should work. Let me know if it doesn't
@... OCI never worked for me not even in SQL Developer. Same error.
Can you open command prompt and type klist
This should list your Kerberos tickets
If you do not have one
Enter
Sqlplus /@
This may fail, if does try
Klist again and see if you have been granted new tickets
Michelle Crabtree
K here is my setup.
1. I am using MSLSA based cred cache (well OSMSFT:)
2. Just got a empty VM (No oracle installation but I have PyCharm that is not setup)
3. Place my krb5.conf in "C:\temp"
4. Now to setup (select OCI as driver/ And click Download at the bottom near warning sign)
5. I have my tnsnames.ora and sqlnet.ora in C:\oracle\tnsfiles
6. Use that and attempt to connect and I get this
7. I believe you saw this. This is because you do not have the OG OCI client.
8. Now go to here (https://www.oracle.com/database/technologies/instant-client/winx64-64-downloads.html) and download your required driver version
9. Start installing as instant client. (This is the most basic setup and it is adequate for my requirement)
10. Go to installation folder and create a new folder network and inside that folder create sub folder admin
11. Place the tnsnames.ora and sqlnet.ora in this folder
11. now restart your pycharm so that ORACLE_HOME envar (not listed in envars) to flow through
12. Go to Database connection window, set driver as 'Oracle' if you see use latest drivers warning at the bottom click that
@... Thank you for the detailed instruction! I do have Oracle instant client installed and I'm on Mac, but it keeps saying the ocijdbc12 is missing. I have read lots of other posts but unfortunately none of them could fix my problem.
One thing threw me off is how come I could connect to the database in sql developer but not in datagrip even the settings seems the same. I'll keep looking for answers, though. Thank you for all your help!
Functionality is implemented out of the box.
It will be available in DataGrip 2021.3 release.
For now refer to the latest comment in the issue DBE-6732