背景:
2个数据库主机(有用户):DB1(UserA),DB2(UserA,UserB)
来自DB1的数据库链接UserA使用以下 SQL 创建并正常工作
CREATE DATABASE LINK "DB_LINK"
USING '(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = <DB2'S HOSTNAME>)(PORT = <PORT#>))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = <DB2'S NAME>)
)
)';
它连接到DB2 UserA,它们是同一个帐户。
但就我而言,我想在上述数据库链接中代理另一个数据库用户( UserB ),在 Internet 上尝试了一些建议,但需要 User_b 的密码。
CREATE DATABASE LINK "DB_LINK"
CONNECT TO UserB IDENTIFIED by <pw>
USING '(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = <DB2'S HOSTNAME>)(PORT = <PORT#>))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = <DB2'S NAME>)
)
)';
但是在我们的例子中,我们希望连接使用 Kerberos 身份验证,所以我们尝试了另一个建议通过 UserA连接,并且用户括号代理到 UserB,在这里我们没有 User_A 的密码,因为它是 kerberised,我们使用凭据缓存以建立连接。所以,我们没有 UserA 的密码。
CREATE DATABASE LINK "DB_LINK"
CONNECT TO UserA[UserB] IDENTIFIED by <UserA's pw>
USING '(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = <DB2'S HOSTNAME>)(PORT = <PORT#>))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = <DB2'S NAME>)
)
)';
如何在不指定任何密码的情况下连接到 UserB?
此外,已获得许可
ALTER USER UserB GRANT CONNECT THROUGH UserA;