Kerberos Requirements
System Administration / Configuring and Managing Kerberos / Kerberos Requirements

Prerequisites

Basic requirements prior to the configuration:

  • MIT Kerberos 1.4.4 KDC

  • Kerberos REALM name

  • Global Kerberos principal name (specified without trailing @REALM name)

  • Global Kerberos principal keytab data encoded as a base 64 string

  • KDC hostnames and port numbers (one or more in priority list order)

Environment Requirements

The following hosts and software versions are required:

  • A source host with the following configuration:

    • A running ASE, Oracle, or DB2 instance.

    • A database to link from and its corresponding full database dump.

    • The Delphix principal is able to access the instance and SSH onto the host.

    • The credential cache for the Delphix principal is populated and kept current. The environment variable KRB5CCNAME is set to the location for a credential cache. Login to the Adaptive Server via  "isql_r64 -V -R<spn> -S<servername>" or  "isql_r -V -R<spn> -S<servername>" or otherwise make sure that  "isql" points to either "isql_r64 or isql_r" so that ""isql -V -R<spn> -S<servername>" works.

  • A staging host with the following configuration:

    • A running ASE, Oracle, or DB2 instance with the same version as the source instance.

    • The Delphix principal is able to access the instance and SSH onto the host.

    • The credential cache for the Delphix principal is populated and kept current. The environment variable KRB5CCNAME is set to the location for a credential cache. Login to the Adaptive Server via  "isql_r64 -V -R<spn> -S<servername>" or  "isql_r -V -R<spn> -S<servername>" or otherwise make sure that  "isql" points to either "isql_r64 or isql_r" so that ""isql -V -R<spn> -S<servername>" works.

  • A target host to create a VDB on. Configuration details:

    • A running ASE, Oracle, or DB2 instance with the same version as the source instance.

    • The Delphix principal is able to access the instance and SSH onto the host.

    • The credential cache for the Delphix principal is populated and kept current. The environment variable KRB5CCNAME is set to the location for a credential cache. Login to the Adaptive Server via  "isql_r64 -V -R<spn> -S<servername>" or  "isql_r -V -R<spn> -S<servername>" or otherwise make sure that  "isql" points to either "isql_r64 or isql_r" so that ""isql -V -R<spn> -S<servername>" works.

Supported Databases and Kerberos Configurations

For detailed Kerberos support please refer to Kerberos Support Matrix.

Delphix Engine 5.3.2.0 is the first generally available customer release to support Kerberos on a subset of supported OS' with SAP ASE, Oracle, and DB2 databases. 

With the Delphix Engine 5.3.2.0 release, many of the previously unsupported GUI functions now function when Kerberos is enabled. See Configuring Kerberos via the UI below for details, including limitations.

Related Links