8.3 Configuring Oracle GoldenGate Veridata Agent Using Kerberos to Connect to Oracle Database
To configure Oracle GoldenGate Veridata Agent using Kerberos to connect to Oracle database:
- Complete the steps detailed in unresolvable-reference.html#GUID-9312C00A-4235-47CD-9976-C482DE47958A.
- Initiate initial ticket granting ticket for the principal using
okinit. To request an initial ticket, runokinit username. Theusernameis the user created or configured to use kerberos. - Login database instance with an Oracle Net Service service name. Run
sqlplus /@service_nameto login to the db instance, and then runshow user. The displayed user should be the user granted the initial ticket before. - Copy Kerberos configuration file and ticket cache file into Veridata agent deploy directory. Absence of either file in agent deploy directory disables the kerberos use of the Oracle GoldenGate Veridata agent.
- Edit
agent.properties. For example:database.url=jdbc:oracle:thin:@host1.us.oracle.com:1522:vdtkbr. Thedatabase.urlis the same as the url that is in a non-Kerberos configuration. - In the
agent.propertiesfile, add, uncomment, and edit the entries,kerberos.configuration.file.nameandoracle.kerberos.ticket.cache.file.name. A missing entry or an incorrect entry disables the Kerberos use of Oracle GoldenGate Veridata agent. If Kerberos use is not desired, then comment out or delete either of the entries.For example:#Kerberos configuration file name. Comment the entry to disable veridata agent to use kerberos. #To make veridata agent to use kerberos, the file must be in the agent install directory. kerberos.configuration.file.name=krb.conf #Kerberos ticket cache file name for Oracle. #To make veridata agent to use kerberos, the file must be in the agent install directory. oracle.kerberos.ticket.cache.file.name=krb.cc
- Start the Oracle GoldenGate Veridata Agent:
./agent.sh. - Verify connection in UI. Note that you do not have to enter the username and password in the Database details.
Parent topic: Secure