
Enable Kerberos authentication for Oracle and PostgreSQL

Note

In this release, Kerberos authentication is supported only for Oracle using Database Reader, Oracle Reader, and Database Writer and for PostgreSQL using Database Reader, PostgreSQL Reader, and Database Writer.

Prerequisites for using Kerberos authentication:

  • a working Kerberos 5 environment

  • the source or target database is configured to use Kerberos authentication

To enable Kerberos authentication, you must update Striim's Java environment with the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8, as follows:

  1. Download jce_policy-8.zip from Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files Download, extract it, and follow the instructions in the included README.txt to install it on each server in your Striim cluster that will run a source or target that uses Kerberos authentication.

  2. Place Kerberos's krb5.conf file in a directory accessible by Striim.

  3. If using a credential cache (also known as a ticket cache), cache the ticket for the service principal to be used by Striim on the Striim server.

  4. For PostgreSQL, create a keytab file for the Kerberos principal (see GSSAPI Authentication) in a directory accessible by Striim.

  5. For PostgreSQL, create a login.conf JAAS configuration file in a directory accessible by Striim, containing the following. Specify the keytab file and Kerberos realm for your environment.

    <application name> {
      com.sun.security.auth.module.Krb5LoginModule required
      doNotPrompt=true
      useTicketCache=true
      renewTGT=true
      useKeyTab=true
      keyTab="<fully qualified name of keytab file>"
      principal="postgres@<Kerberos realm>";
    };

    For example:

    myJAASApp {
      com.sun.security.auth.module.Krb5LoginModule required
      doNotPrompt=true
      useTicketCache=true
      renewTGT=true
      useKeyTab=true
      keyTab="/etc/krb5.keytab"
      principal="postgres@MYDOMAIN.COM";
    };

    If you read from or write to multiple instances of PostgreSQL, specify one such property set for each in login.conf. Give each a different application name, which must be specified in the JAAS Configuration string in Database Reader, PostgreSQL Reader, or Database Writer. If you have only one instance of PostgreSQL, you must still provide an application name here and in the JAAS Configuration string.

  6. Restart Striim.

Once these steps are complete, configure Kerberos authentication using the JAAS Configuration property in Database Reader, Oracle Reader, PostgreSQL Reader, or Database Writer.
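A pre-flight check for the login.conf described in step 5, as an added example that is not Striim's own code: it confirms that each application entry ends its module options with the semicolon the JAAS file format requires, names a principal, and points to a keytab that exists. The owner-only keytab permission check and the names pgOne, pgTwo and EXAMPLE.COM are assumptions of this example.

```python
import os
import re
import stat
import tempfile

ENTRY_RE = re.compile(r'([^\s{};]+)\s*\{(.*?)\}\s*;', re.S)   # <application name> { ... };
OPTION_RE = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s;"]+))')  # key=value or key="value"

def check_login_conf(path):
    """Return (application name, problem) tuples for each issue found in login.conf."""
    with open(path) as fh:
        entries = ENTRY_RE.findall(fh.read())
    if not entries:
        return [(None, "no '<name> { ... };' entry found")]
    findings = []
    for name, body in entries:
        # JAAS requires ';' after the last option of each login module.
        if not body.rstrip().endswith(";"):
            findings.append((name, "options not terminated with ';'"))
        opts = {k: quoted or bare for k, quoted, bare in OPTION_RE.findall(body)}
        if "principal" not in opts:
            findings.append((name, "no principal set"))
        keytab = opts.get("keyTab")
        if opts.get("useKeyTab") == "true" and not keytab:
            findings.append((name, "useKeyTab=true but no keyTab set"))
        elif keytab and not os.path.isfile(keytab):
            findings.append((name, "keytab not found: " + keytab))
        elif keytab and stat.S_IMODE(os.stat(keytab).st_mode) & 0o077:
            # Assumption of this example: a keytab holds long-term keys, so owner-only access.
            findings.append((name, "keytab accessible by group/others: " + keytab))
    return findings

def demo():
    # Constructed sample: pgOne is well-formed; pgTwo lacks ';' and has a 0644 keytab.
    d = tempfile.mkdtemp()
    tight, loose = os.path.join(d, "a.keytab"), os.path.join(d, "b.keytab")
    for p, mode in ((tight, 0o600), (loose, 0o644)):
        open(p, "wb").close()
        os.chmod(p, mode)
    module = "com.sun.security.auth.module.Krb5LoginModule required\n"
    conf = os.path.join(d, "login.conf")
    with open(conf, "w") as fh:
        fh.write('pgOne {\n %s useKeyTab=true keyTab="%s"\n principal="postgres@EXAMPLE.COM";\n};\n' % (module, tight))
        fh.write('pgTwo {\n %s useKeyTab=true keyTab="%s"\n principal="postgres@EXAMPLE.COM"\n};\n' % (module, loose))
    return check_login_conf(conf)

if __name__ == "__main__":
    for app, problem in demo():
        print(app, "-", problem)
```

Run `check_login_conf()` against the real login.conf as the OS user that runs Striim, before the restart in step 6.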