Background:
2 Database hosts(with users): DB1(UserA), DB2(UserA, UserB)
A database link from DB1, UserA, created and works fine with the following SQL
CREATE DATABASE LINK "DB_LINK"
USING '(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = <DB2'S HOSTNAME>)(PORT = <PORT#>))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = <DB2'S NAME>)
)
)';
and it is connectioned to DB2, UserA, they are the same account.
But in my case, i want to proxy into another DB user(UserB) in the above database link, tried some suggestion on Internet, which works but needs User_b's password.
CREATE DATABASE LINK "DB_LINK"
CONNECT TO UserB IDENTIFIED by <pw>
USING '(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = <DB2'S HOSTNAME>)(PORT = <PORT#>))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = <DB2'S NAME>)
)
)';
But in our case the we want the connection to be using Kerberos authentication, so we tried another suggestion to connect via UserA, and user bracket to proxy into UserB, by in here we dont have User_A's password as it is kerberised, and we use credential cache to make the connection. So, we dont have UserA's pw.
CREATE DATABASE LINK "DB_LINK"
CONNECT TO UserA[UserB] IDENTIFIED by <UserA's pw>
USING '(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = <DB2'S HOSTNAME>)(PORT = <PORT#>))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = <DB2'S NAME>)
)
)';
How to Connect to UserB, without specifying any passwords?
Also, permission have been granted
ALTER USER UserB GRANT CONNECT THROUGH UserA;