Kerberos Keytab

To use Kerberos Keytab for database target authentications, you create a named credential in Enterprise Manager of type DBKerberosKeytabCreds where you define a username and ketyab file. There are two ways in which a keytab file can be implemented:

Upload the Content of the Ketyab File to the OMS/Repository

You can physically upload the content of the keytab file to the OMS and repository in much the same way SSH-based credentials are defined. When defining the named credential with the DBKerberosKeytabCreds credential type, Enterprise Manager will use this keytab to log in and connect to the database target. You will need to update the keytab contents in Enterprise Manager whenever the keytab is changed due to password being rotated by updating the named credential.

The following graphic illustrates how to specify the keytab file when creating a named credential.

Provide the Full Path to the Keytab File

You can also provide the full path to the keytab file that is accessible from the OMS (or each of the OMSes for multi-OMS environments). The keytab file must be present at the same location on the filesystem (this could be a single copy of the keytab file that is NFS mounted) and secured with the appropriate file permissions that would allow the OMS user to have at least read access to it. You will need to keep the file in this location updated with any changes to the keytab. This can be done completely independently and outside of Enterprise Manager.

The following graphic illustrates how to define instances of the DBKerberosKeytabCreds credential type.