Hi, Well, I've managed to partially fix the problem, I've removed the principles and recreated them with only DES encryption. after that okinit and sqlplus /@mydb, worked on the database server. but when running it from a remote server/client (linux and windows) the okinit worked, but running sqlplus /@mydb return: *ERROR: ORA-12638: Credential retrieval failed* the time between the machines is synchronized. any one have any leads? Regards, Oded. On 11/8/05, Maimon Oded <oded.maimon@xxxxxxxxx> wrote: > > Hi all, > I'm getting desperate.. > I've a working KDC on linux (RH3-U5), i can authenticate to my other > linux machines with it, i can run rsh,telnet with that KDC. > so the kdc is working. > i'm trying to configure oracle 10gR2 (also on linux) with it, but i guss > i'm missing something very important. > the OS kinit command is working, oracle okinit command is not working, i'm > getting: > > *[oracle@lxoid1 admin]$ okinit* > > *Kerberos Utilities for Linux: Version 10.2.0.1.0 - Production on > 08-NOV-2005 15:31:34* > > *Copyright (c) 1996, 2004 Oracle. All rights reserved.* > > *Password for **oracle@xxxxxxxxx* <oracle@xxxxxxxxx>*: > okinit: Password incorrect > okinit: Decrypt integrity check failed > * > > my sqlnet.ora: > > *NAMES.DIRECTORY_PATH= (TNSNAMES) > SQLNET.AUTHENTICATION_SERVICES = (KERBEROS5) > SQLNET.KERBEROS5_KEYTAB = /etc/krbora10g.keytab > SQLNET.KERBEROS5_CONF = /etc/krb5.conf > SQLNET.KERBEROS5_CONF_MIT = TRUE > SQLNET.AUTHENTICATION_KERBEROS5_SERVICE = ora10g > TRACE_LEVEL_CLIENT = SUPPORT > TRACE_LEVEL_SERVER = SUPPORT > TRACE_DIRECTORY_CLIENT = /tmp/clnt > TRACE_DIRECTORY_SERVER = /tmp/srv* > > the owner of /etc/krbora10g.keytab is oracle:dba. > > running kinit, and then running "sqlplus /@mydb" return: > > *SQL*Plus: Release 10.2.0.1.0 - Production on Tue Nov 8 15:46:02 2005* > > *Copyright (c) 1982, 2005, Oracle. All rights reserved.* > > *ERROR: > ORA-12638: Credential retrieval failed > * > > pleaaaaasssssseee, HELP! > > Oded. >