4.2.10.2 Prepare the Graph Server for Kerberos Authentication

The following are the steps to enable Kerberos authentication on the graph server (PGX):
  1. Locate the pgx.conf file of your installation.

    Note:

    If you installed the graph server via RPM, the file is located at: /etc/oracle/graph/pgx.conf
  2. Locate the krb5_conf_file line in the pgx_realm options of the pgx.conf file:
    "pgx_realm": {
      "implementation": "oracle.pg.identity.DatabaseRealm",
      "options": {
        ...
        "krb5_conf_file": "<REPLACE-WITH-KRB5-CONF-FILE-PATH-TO-ENABLE-KERBEROS-AUTHENTICATION>",
        "krb5_ticket_cache_dir": "/dev/shm",
        "krb5_max_cache_size": 1024
      }
    },
  3. Replace the placeholder with the path to the krb5.conf file that you are using for the database and user authentication. For example:
    "pgx_realm": {
      "implementation": "oracle.pg.identity.DatabaseRealm",
      "options": {
        ...
        "krb5_conf_file": "/etc/krb5.conf",
        "krb5_ticket_cache_dir": "/dev/shm",
        "krb5_max_cache_size": 1024
      }
    },

    Note:

    The file set in the krb5_conf_file option must be a valid krb5.conf that is readable by the graph server, that is, by the operating system user the graph server runs as. If you do not replace the krb5_conf_file placeholder, or you set the value to an empty string, the graph server will not use Kerberos authentication, so verify the value after editing.

    You can also set krb5_ticket_cache_dir, the directory in which the graph server temporarily stores the Kerberos tickets presented by clients, and krb5_max_cache_size, the maximum number of cached tickets, after which new login attempts are rejected. The cache size is therefore the maximum number of concurrent Kerberos sessions on the graph server. Because the cached tickets are client credentials, the cache directory must be writable by the graph server and should be readable only by the operating system user the graph server runs as.
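    The following is an added preflight check for the three Kerberos options above; it is example code written for this section, not part of the graph server or of Oracle's tooling. It loads a parsed pgx.conf, reports whether krb5_conf_file is still empty or the placeholder (in which case Kerberos stays off), whether the krb5.conf and the ticket cache directory exist with the needed access, whether krb5_max_cache_size is a positive integer, and warns when the cache directory is reachable by other users. The krb5.conf contents, directory names and realm name in demo() are constructed fixtures; run the check as the graph server's OS user, since os.access answers for the calling user (and always answers yes for root).

```python
"""Preflight check for the Kerberos options in a graph server pgx.conf (added example)."""
import copy
import json
import os
import stat
import tempfile

# Untouched placeholders in pgx.conf start like this; the server treats them as "no Kerberos".
PLACEHOLDER_PREFIX = "<REPLACE"


def kerberos_findings(conf, check_fs=True):
    """Inspect pgx_realm.options of a parsed pgx.conf.

    Returns a list of (level, message) tuples; an empty list means the
    Kerberos settings look usable. With check_fs=False only the values
    themselves are examined, not the files they point at.
    """
    findings = []
    options = conf.get("pgx_realm", {}).get("options", {})

    krb5_conf = options.get("krb5_conf_file", "")
    # Empty or placeholder value: the graph server will not use Kerberos at all.
    if not krb5_conf or krb5_conf.startswith(PLACEHOLDER_PREFIX):
        findings.append(("WARN", "krb5_conf_file is empty or still the placeholder; "
                                 "the graph server will not use Kerberos authentication"))
        return findings

    max_size = options.get("krb5_max_cache_size")
    # The cache size bounds concurrent Kerberos sessions, so it must be a positive int.
    if not isinstance(max_size, int) or isinstance(max_size, bool) or max_size < 1:
        findings.append(("ERROR", "krb5_max_cache_size must be a positive integer"))

    if not check_fs:
        return findings

    # The krb5.conf must exist and be readable by the user running this check.
    if not os.path.isfile(krb5_conf) or not os.access(krb5_conf, os.R_OK):
        findings.append(("ERROR", f"krb5_conf_file {krb5_conf} is missing or not readable"))

    cache_dir = options.get("krb5_ticket_cache_dir", "")
    if not os.path.isdir(cache_dir) or not os.access(cache_dir, os.W_OK):
        findings.append(("ERROR", f"krb5_ticket_cache_dir {cache_dir} is missing or not writable"))
    else:
        # Cached tickets are client credentials: flag group/other permission bits.
        mode = stat.S_IMODE(os.stat(cache_dir).st_mode)
        if mode & 0o077:
            findings.append(("WARN", f"krb5_ticket_cache_dir {cache_dir} is accessible to other "
                                     f"users (mode {mode:04o}); consider a dedicated 0700 directory"))
    return findings


def demo():
    """Build constructed fixtures in a temp directory and return findings for three configs."""
    with tempfile.TemporaryDirectory() as tmp:
        krb5 = os.path.join(tmp, "krb5.conf")
        with open(krb5, "w", encoding="utf-8") as fh:
            fh.write("[libdefaults]\n default_realm = EXAMPLE.COM\n")  # constructed sample
        private = os.path.join(tmp, "krb5cache")
        os.mkdir(private)
        os.chmod(private, 0o700)            # owner-only cache directory
        shared = os.path.join(tmp, "shm")
        os.mkdir(shared)
        os.chmod(shared, 0o1777)            # mimics a world-writable tmpfs like /dev/shm

        good = {"pgx_realm": {"implementation": "oracle.pg.identity.DatabaseRealm",
                              "options": {"krb5_conf_file": krb5,
                                          "krb5_ticket_cache_dir": private,
                                          "krb5_max_cache_size": 1024}}}
        placeholder = copy.deepcopy(good)
        placeholder["pgx_realm"]["options"]["krb5_conf_file"] = (
            "<REPLACE-WITH-KRB5-CONF-FILE-PATH-TO-ENABLE-KERBEROS-AUTHENTICATION>")
        loose = copy.deepcopy(good)
        loose["pgx_realm"]["options"]["krb5_ticket_cache_dir"] = shared

        return {"good": kerberos_findings(good),
                "placeholder": kerberos_findings(placeholder),
                "loose_dir": kerberos_findings(loose)}


if __name__ == "__main__":
    # Real use: python3 check_pgx_kerberos.py < /etc/oracle/graph/pgx.conf
    import sys
    conf = json.load(sys.stdin) if not sys.stdin.isatty() else None
    results = {"stdin": kerberos_findings(conf)} if conf else demo()
    for name, items in results.items():
        print(name, "OK" if not items else items)
```

    Running the script with no stdin prints the fixture results: the owner-only configuration is clean, the placeholder configuration gets a single warning that Kerberos is off, and the configuration pointing at the 1777 directory is accepted but warned about. Feed it the real pgx.conf on stdin to check an installation.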