8 Configuring Oracle GoldenGate Veridata Agent Using Kerberos to Connect to Oracle Database

To configure Oracle GoldenGate Veridata Agent using Kerberos to connect to Oracle database:

  1. Complete the steps detailed in Deploying and Configuring Oracle GoldenGate Veridata Agent.
  2. Initiate initial ticket granting ticket for the principal using okinit. To request an initial ticket, run okinit username. The "username" is the user created or configured to use kerberos.
  3. Login database instance with an Oracle Net Service service name. Run sqlplus /@service_name to login to the db instance, and then run show user. The displayed user should be the user granted the initial ticket before.
  4. Copy Kerberos configuration file and ticket cache file into Veridata agent deploy directory. Absence of either file in agent deploy directory disables the kerberos use of the Oracle GoldenGate Veridata agent.
  5. Edit agent.properties.oracle. For example: database.url=jdbc:oracle:thin:@host1.us.oracle.com:1522:vdtkbr. The database.url is the same as the url that is in a non-kerberos configuration.
  6. In the agent.properties.oracle file, add, uncomment, and edit the entries, kerberos.configuration.file.name and oracle.kerberos.ticket.cache.file.name. A missing entry or an incorrect entry disables the kerberos use of Veridata agent. If kerberos use is not desired, then comment out or delete either of the entries.
    For example:
    #Kerberos configuration file name. 
    Comment the entry to disable veridata agent to use kerberos.  
    #To make veridata agent to use kerberos, the file must be in the agent install directory.                 
    #Kerberos ticket cache file name for Oracle.
    #To make veridata agent to use kerberos, the file must be in the agent install directory. 
  7. Start the Veridata Agent: ./agent.sh.
  8. Verify connection in UI. Note that you do not have to enter the username and password in the Database details.