1. Security Guide
  2. Kerberos Authentication Service
  3. Kerberos Principal

Kerberos Principal

A Kerberos Principal represents a unique identity in a Kerberos system to which Kerberos can assign tickets to access Kerberos-aware services. A service principal should be created for each Storage Node. Oracle NoSQL Database service principals follow this naming format: <service_name>/instance@REALM.

where:

  • service_name

    Is a case-sensitive string that represents the Oracle NoSQL Database service. The default value is oraclenosql.

    All Oracle NoSQL Database service principals should use the same service name across different Storage Nodes.

  • instance

    Represents the service principal instance name. It is recommended to use the fully qualified domain name (FQDN) of the Storage Node where Oracle NoSQL Database is running.

    If instance is not specified, the default principal will be created as oraclenosql@REALM.

  • REALM

    Represents the Kerberos realm name where the database service is registered. It must be specified in UPPERCASE and is typically the DNS domain name.

    If no realm is given, the service principal is assumed to belong to the default realm, as configured in the Kerberos configuration file.