Just a quick note in case anyone else hits this issue. We use make extensive use of Kerberos to give us Windows single-sign on. For database connections via Enterprise Manger we use “Database Kerberos Credentials” credential type and have no problems connecting to 11.2 and 12.1 databases (apart from slight pain points that it’s not possible to use them as preferred credentials, and the necessity to update the credential whenever Windows password is updated).
However as we have been migrating databases to 12.2, the credentials have not worked, testing against such a database sometimes give the following error message:
Credentials could not be verified. EXCEPTION_WHILE_CREATING_CONN_FROMSUB Surprisingly sometimes testing the credential also completes successfully.
Testing through various combinations I’ve discovered that problem is the following line in the [libdefaults] section of the Kerberos configuration file, krb5.conf, on the Enterprise Manger server
forwardable = true
After commenting out this line, Kerberos credentials test successfully against 12.2 databases. I have no idea what change in 12.2 causes this setting to cause a problem, if anyone has any ideas welcome to share.