Protocol Violation in 12c, 19c (+Kerberos)

aksenov mike Member Posts: 8 Red Ribbon
edited Aug 4, 2020 2:48AM in Database Security - General

Hi,

We have various Oracle database installations and a few Kerberos KDC servers.

The application uses the latest version 8 JDBC driver and it works perfectly with version 11.2,

but when I try to connect to a somewhat higher version of the database, like 12c or 19c, I may get the Protocol Violation error. When I say "may get" it means I may not even get the error, but in 90% of cases this issue can be reproduced.

We eliminated a network connection issue because the 11 and 12 versions of the database are on the same server. Anyway, when server trace is enabled we may find lines like these in it:

[27-JUL-2020 13:59:03:914] nauztk5avalidate: entry
[27-JUL-2020 13:59:03:914] nauztk5ahgetcontext: entry
[27-JUL-2020 13:59:03:914] nauztk5ahgetcontext: exit
[27-JUL-2020 13:59:03:914] nauztk5avalidate: Driver State is  "3".
[27-JUL-2020 13:59:03:914] nacomrp: entry
[27-JUL-2020 13:59:03:914] nacomrp: exit
[27-JUL-2020 13:59:03:914] nauztk5avalidate: Error while recieving forwarded credentials : 9.
[27-JUL-2020 13:59:03:914] nauztk5avalidate: failed
[27-JUL-2020 13:59:03:914] nauztk5avalidate: exit
[27-JUL-2020 13:59:03:914] nau_scn: credential validation function failed
[27-JUL-2020 13:59:03:914] nacomsd: entry
[27-JUL-2020 13:59:03:914] nacomfsd: entry
[27-JUL-2020 13:59:03:914] nacomfsd: exit
[27-JUL-2020 13:59:03:914] nacomsd: exit
[27-JUL-2020 13:59:03:914] nau_scn: failed with error 12631
[27-JUL-2020 13:59:03:914] nau_scn: exit
[27-JUL-2020 13:59:03:914] na_csrd: failed with error 12631
[27-JUL-2020 13:59:03:914] na_csrd: exit
[27-JUL-2020 13:59:03:914] nacomsn: entry
[27-JUL-2020 13:59:03:914] nacomap: entry
[27-JUL-2020 13:59:03:914] nacomps: entry
[27-JUL-2020 13:59:03:914] nacomps: exit
[27-JUL-2020 13:59:03:914] nacomap: exit

Something makes this nauztk5avalidate function fail. I can't find any related information on the internet. It's interesting that we get this error on various Kerberos servers (like Windows and Linux) and various database versions 12c and 19c, but not in 11.2.

I've tried to change tons of JDBC parameters but could succeed only in getting new error messages, without getting rid of the subject-related one.

This Protocol Violation is so sporadic, but some connections are successful, so the configuration seems fine.

Seems the root cause is within the database. Maybe some of you have any ideas?
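
Added example, not part of the original post: because the failure is sporadic, it helps to reduce each server trace to its first failing record and the chain of functions that report the failure, so traces of failed and successful connections can be compared side by side. The sketch assumes only the `[timestamp] function: message` record layout visible in the excerpt above; `parse` and `triage` are hypothetical helper names, and the sample is a subset of the records quoted in the post.

```python
import re
from collections import Counter

# Subset of the records quoted in the post, run together as in a raw copy.
TS = "[27-JUL-2020 13:59:03:914] "
TRACE = "".join(TS + r for r in [
    "nauztk5avalidate: entry", "nauztk5ahgetcontext: entry",
    "nauztk5ahgetcontext: exit", 'nauztk5avalidate: Driver State is  "3".',
    "nacomrp: entry", "nacomrp: exit",
    "nauztk5avalidate: Error while recieving forwarded credentials : 9.",
    "nauztk5avalidate: failed", "nauztk5avalidate: exit",
    "nau_scn: credential validation function failed",
    "nau_scn: failed with error 12631", "nau_scn: exit",
    "na_csrd: failed with error 12631", "na_csrd: exit",
])

# A record ends where the next "[dd-MON-yyyy " timestamp starts, or at end of input.
RECORD = re.compile(
    r"\[(\d{2}-[A-Z]{3}-\d{4} [\d:]+)\] (\w+): (.*?)(?=\[\d{2}-[A-Z]{3}-\d{4} |\Z)",
    re.S)

def parse(trace):
    """Split a trace (one record per line or run together) into (ts, function, message)."""
    return [(ts, fn, msg.strip()) for ts, fn, msg in RECORD.findall(trace)]

def triage(trace):
    """Return the first failing record, open calls at that point, failure chain and codes."""
    stack, chain, codes = [], [], Counter()
    first, open_calls = None, []
    for _ts, fn, msg in parse(trace):
        if msg == "entry":
            stack.append(fn)
        elif msg == "exit":
            if stack and stack[-1] == fn:   # excerpts may start mid-call: tolerate stray exits
                stack.pop()
        elif re.search(r"fail|error", msg, re.I):
            if first is None:
                first, open_calls = (fn, msg), list(stack)
            if fn not in chain:
                chain.append(fn)            # order shows how the failure propagates upward
            for code in re.findall(r"failed with error (\d+)", msg):
                codes[code] += 1
    return {"first_failure": first, "open_calls": open_calls,
            "chain": chain, "codes": dict(codes)}

if __name__ == "__main__":
    print(triage(TRACE))
```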