Configuring Control Center to use Kerberos based Authentication with Oracle database server for new installs

Follow these steps to configure Control Center to use Kerberos based Authentication with Oracle database server for new installs:
  1. 1. Log on to the Linux server using Kerberos authentication or after logging in, authenticate with Kerberos server as the OS user.
  2. Install Control Center using a Control Center installer that is bundled with IBM OpenJDK JRE.
    • To obtain the Control Center installer that comes with IBM OpenJDK JRE, contact product support.
  3. Navigate to Control Center’s ‘conf’ directory as below:
    cd <<CCBaseDir>>/conf
  4. Create a file named IntallationInfo.properties (case sensitive) under <<CCBaseDir>>/conf directory with the following contents and save it.
    KERBEROS_CONFIG_FILE=/etc/krb5.conf (change it to your location)
KERBEROS_CREDENTIAL_CACHE=/tmp/krb5cc_1017 (change it to your location)
ORACLE_KERBEROS_CONNECTION=true
KERBEROS_DEBUG=false
    Note: The above must be done for each CC instance in the cluster.
    Based on the above properties, the following Java system variables are at set runtime of Event Processor (EP) and Web Server.
    java.security.krb5.conf=<<value of KERBEROS_CONFIG_FILE>>
oracle.net.kerberos5_cc_name=<< value of KERBEROS_CREDENTIAL_CACHE>>
oracle.net.authentication_services= "(KERBEROS5)"
oracle.net.kerberos5_mutual_authentication=true
  5. Navigate to <<CCBaseDir>>/bin directory and run configCC.sh script.
  6. Follow the prompts and provide the configuration details as per the prompts.
    Note: The database connection step will not prompt database user and password.
  7. After completing the configCC.sh prompts, start Control Center using runEngine.sh script.
  8. After Control Center startup is completed, log on to Web UI to access Control Center features.
Note:
  • Typically, Kerberos tickets expire within a day and your environment must be configured to do auto-renewal of Kerberos tickets for Control Center to have continuous database connection with the database server.
  • It may require to set “forwardable = false “ in krb5.conf file as per the Oracle support case note.