Applications that use the legacy JDBC API now can establish connections without passwords for accounts that use the
authentication_ociserver-side authentication plugin, provided that the correct configuration entries are available to map to one unique user in a specific Oracle Cloud Infrastructure tenancy. This functionality is not supported for X Protocol connections.
To ensure correct account mapping, the client-side Oracle Cloud Infrastructure configuration must contain a fingerprint of the API key to use for authentication (
fingerprintentry) and the location of a PEM file with the private part of the API key (
key_fileentry). Both entries should be specified in the
[DEFAULT]profile of the configuration file.
Unless an alternative path to the configuration file is specified with the
OPT_OCI_CONFIG_FILEconnection option, the following default locations are used:
~/.oci/configon Linux or Posix host types
%HOMEDRIVE%%HOMEPATH%/.oci/configon Windows host types
If the MySQL user name is not provided as a connection option, then the operating system user name is substituted. Specifically, if the private key and correct Oracle Cloud Infrastructure configuration are present on the client side, then a connection can be made without giving any options. (WL #14711)
In Connector/C++ 8.0.26, the capability was introduced for applications that use the legacy JDBC API to establish connections for accounts that use the
authentication_kerberosserver-side authentication plugin, provided that the correct Kerberos tickets are available or can be obtained from Kerberos. That capability was available on client hosts running Linux only. It is now available on client hosts running Windows.
For more information about Kerberos authentication, see Kerberos Pluggable Authentication. (WL #14682)