Help with Oracle and Kerberos

Answered

My DB user was updated to use Kerberos.  I went ahead and set it up for Oracle SQL Developer, Toad, and using the link below Datagrip.

https://www.jetbrains.com/help/datagrip/connect-to-oracle-by-using-kerberos.html 

I tested each IDE with all of my environments with no issues. 

The next day only Datagrip is not working anymore.  I am getting the error below which makes me think I need to do the Kerberos init again ("kinit JGUST") but I have C:\Users\jgust\krb5cc_jgust file from the initial creation.

Did I miss a step in setting it up?  Does anybody know how to make the connection see and use the C:\Users\jgust\krb5cc_jgust file created during the setup?

 

0
6 comments

Does it help to set the property oracle.net.kerberos5_mutual_authentication to true in advanced settings? 

What is the version of DataGrip? 

Could you share the output of the "Test connection" action? If it is truncated, share the whole log (Help | Show Log in Finder and Help | Show SQL Log in FInder). You can share the logs via https://uploads.jetbrains.com/

 
0

Thanks for pointing me to the advanced properties.

I updated the oracle.net.kerberos5_mutual_authentication to true

and added the following entry to the VM Options:

-Djava.security.krb5.conf=C:\Oracle\19c_64bitclient\network\admin\krb5.conf

I am now able to connect.

1

I spoke too soon.  Again the next day without making any connection changes I am getting the Principal Name error.

 

Making no changes other than running "KINIT JGUST" I was able to log in using my AD credentials.

 

DataGrip 2022.1.5
Build #DB-221.5787.39, built on June 6, 2022
Licensed to Jim Gust
Subscription is active until September 18, 2022.
Runtime version: 11.0.15+10-b2043.56 amd64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.
Windows 10 10.0
GC: G1 Young Generation, G1 Old Generation
Memory: 6144M
Cores: 8
Registry:
    documentation.show.toolbar=true
    ide.balloon.shadow.size=0

Non-Bundled Plugins:
    net.seesharpsoft.intellij.plugins.csv (2.18.2)
    org.intellij.plugins.markdown (221.5591.46)
    izhangzhihao.rainbow.brackets (6.23)
    com.4lex4.intellij.solarized (2.4.0)
    String Manipulation (9.4.1)
    MultiHighlight (2.1.1)
    Keymap exporter (2.2)

 

Todays logs have been uploaded:

Upload id: 2022_06_16_21S7tSSWapoEXNfDkWo5bw (files: idea.log, database.0.log)

 

0

It looks like your kb ticket expired and you was trying to use outdated ticket.

So, it's obvious you need to run `kinit <user>` every time your ticket is expired. Or to extend ticket lifetime.

1

I agree, that is what is happening.  In other IDE's I don't have to issue new tickets but only this one I do.

I've modified my ticket for 1 day lifetime and renew lifetime to 3 days.  Hopefully, this will be less cumbersome.

Is there a macro to specify the application\bin folder so that I can set this up as an external tool or possibly have a link in the db connection screen to this utility and results of KLIST?

0

Yes, you can try to specify External Tool for your data source in Before Connection section


0

Please sign in to leave a comment.