python-oracledb icon indicating copy to clipboard operation
python-oracledb copied to clipboard
verified publisher icon oracle

Using create_pool() with Kerberos

Open CEBasile opened this issue 1 year ago • 6 comments

  1. What versions are you using? oracledb.version: 2.2.1 platform.platform: Windows-2016Server-10.0.14393-SP0 sys.maxsize > 2**32: True platform.python_version: 3.12.4 database version: 19.22.0.0

  1. Is it an error or a hang or a crash? Error, same as issue #36 but for Kerberos this time

  2. What error(s) or behavior you are seeing? When trying to create a connection pool with externalauth=True (Kerberos in this case) there is an exception complaining about null or missing username. File "src\oracledb\impl/thick/pool.pyx", line 152, in oracledb.thick_impl.ThickPoolImpl.init File "src\oracledb\impl/thick/utils.pyx", line 446, in oracledb.thick_impl._raise_from_info oracledb.exceptions.DatabaseError: ORA-24415: Missing or null username.

  1. Does your application call init_oracle_client()? Yes
  1. Include a runnable Python script that shows the problem.

CEBasile avatar Aug 15 '24 22:08 CEBasile

Did you create the pool in heterogeneous mode? That is mandatory for external authentication in thick mode.

anthony-tuininga avatar Aug 15 '24 22:08 anthony-tuininga

Thank you Anthony, this is the correct answer and does work. I ready through the documentation and it led me to understand that since all the connections in the pool are still using the same credentials I should be using homogenous mode. Maybe I misunderstood, or the documentation needs to be improved?

CEBasile avatar Aug 16 '24 15:08 CEBasile

Logically it makes sense that since you intend to use the same credentials for all connections in the pool that homogeneous mode is supported -- but that is not, in fact, the case. Which documentation were you looking at? We can definitely look at that documentation and see if there is a way to improve it so there isn't confusion for the next person looking at it!

anthony-tuininga avatar Aug 16 '24 16:08 anthony-tuininga

Just kind of a combination of these: https://python-oracledb.readthedocs.io/en/latest/user_guide/connection_handling.html#extauth https://python-oracledb.readthedocs.io/en/latest/api_manual/connection_pool.html#connectionpool-methods https://python-oracledb.readthedocs.io/en/latest/api_manual/module.html#oracledb.create_pool

There's no explicit mention of the behavior with Kerberos so it was mostly an educated guess on my part.

CEBasile avatar Aug 16 '24 21:08 CEBasile

Yep. I can see how you would be confused and I'll look into getting this improved. The different external authentication methods are not mentioned explicitly but anything not requiring a user name and password fits in that category and the number of options continues to grow -- so not sure mentioning Kerberos explicitly is helpful. I'll see what @cjbj thinks!

anthony-tuininga avatar Aug 16 '24 21:08 anthony-tuininga

Another option is to raise a more meaningful error when this situation is detected (externalauth=True and homogeneous=True)? Something like this?

DPY-XXXX: homogeneous pools are not supported with external authentication in thick mode

anthony-tuininga avatar Aug 16 '24 21:08 anthony-tuininga