
I've been working on getting the Oracle VS Code extension set up. I have an Oracle client that uses Kerberos authentication (note that this is a company-managed laptop; I do not have admin access).

I'm attempting to connect using a custom JDBC URL and was advised to use the following Advanced settings:

The third value I'm looking for is the CC_NAME file; however, we use AD groups for access, and my sqlnet.ora file lists #SQLNET.KERBEROS5_CC_NAME=OSMSFT:\. There is no environment variable or directory location set for that.

I can see that I am getting credentials by running kinit, but I can't retrieve the credentials location (it's asking for a password, and I don't believe I have permissions). Additionally, I get the following error when I run okinit: Unknown credential cache type resolving ccache OSMSFT:.

I've been digging around a bit, but at this point I'm not sure if there isn't a way to just forward the credentials to a file and reference that. Appreciate any help!

  • Are you sure you're supposed to run kinit? It seems like OSMSFT: is telling the client to use the Windows LSASS credential cache – which already did the "kinit" when you logged in to the OS. (Also, if the Oracle tool is 'okinit', then which software package does the other 'kinit' come from?) Commented Apr 30 at 22:14
  • Honestly just a shot in the dark. Kinit is the Kerberos command, wanted to make sure it was at least generating something I could reference, I'm guessing okinit is what Oracle uses in conjunction with my permissions, as it uses a user@domain field. Is there a file (temporary or otherwise) that would have the current LSASS cache? Commented May 1 at 17:25
  • "Kinit is the Kerberos command" - which Kerberos implementation though: Oracle's, Java's, MIT, Heimdal? (Windows Kerberos doesn't have a kinit command, so it has to be a third-party implementation.) Where is the actual kinit.exe located? "Is there a file (temporary or otherwise) that would have the current LSASS cache" - No, its entire point is that it is not a file that could be copied; it's managed by a protected process and can only be accessed through the Windows "SSPI" API. (The idea is a bit like ssh-agent but for Kerberos.) Commented May 1 at 18:13
  • Apologies, it looks like I was incorrect, the command I had run was klist, able to pull both tickets generated as well as the keytab info. Oracle would likely be the implementation, because the MIT options for the command don't work. Commented May 12 at 17:57
