Configuring Control Center to use Kerberos based Authentication with Oracle database server for new installs
Follow these steps to configure Control Center to use Kerberos based Authentication with Oracle database server for new installs:
- 1. Log on to the Linux server using Kerberos authentication or after logging in, authenticate with Kerberos server as the OS user.
- Install Control Center using a Control Center installer that is bundled with IBM OpenJDK JRE.
- To obtain the Control Center installer that comes with IBM OpenJDK JRE, contact product support.
- Navigate to Control Center’s ‘conf’ directory as
- Create a file named IntallationInfo.properties (case sensitive) under
<<CCBaseDir>>/confdirectory with the following contents and save it.
KERBEROS_CONFIG_FILE=/etc/krb5.conf (change it to your location) KERBEROS_CREDENTIAL_CACHE=/tmp/krb5cc_1017 (change it to your location) ORACLE_KERBEROS_CONNECTION=true KERBEROS_DEBUG=falseNote: The above must be done for each CC instance in the cluster.Based on the above properties, the following Java system variables are at set runtime of Event Processor (EP) and Web Server.
java.security.krb5.conf=<<value of KERBEROS_CONFIG_FILE>> oracle.net.kerberos5_cc_name=<< value of KERBEROS_CREDENTIAL_CACHE>> oracle.net.authentication_services= "(KERBEROS5)" oracle.net.kerberos5_mutual_authentication=true
- Navigate to
<<CCBaseDir>>/bindirectory and run
- Follow the prompts and provide the configuration details as per the prompts.Note: The database connection step will not prompt database user and password.
- After completing the configCC.sh prompts, start Control Center using runEngine.sh script.
- After Control Center startup is completed, log on to Web UI to access Control Center features.
- Typically, Kerberos tickets expire within a day and your environment must be configured to do auto-renewal of Kerberos tickets for Control Center to have continuous database connection with the database server.
- It may require to set
“forwardable = false “ in krb5.conffile as per the Oracle support case note.