We have Kerberos setup on our Oracle Databases and would like to connect to the Oracle databases using Kerberos instead of username/password from Foglight. Toad supports this by leaving the username/password field blank and having certain entries in the sqlnet.ora file. Can you update the Oracle cartridge and add Kerberos as an authentication mechanism? Ideally, it could use the same account that is running the agent (similar to how SQL Server works). And/OR could you also set up the Oracle cartridge to accept a certificate as a means of external authentication?
The Department of Defense requires passwords to be routinely changed (as often as every 60 days), so using a domain account and/or PKI would greatly simplify the number of passwords that need periodically reset. Additionally, the latest security requirements state that all applications authenticating should use either PKI or Kerberos (not username/password).
See Processes (services, applications, etc.) that connect to the DBMS independently of individual users, must use valid, current DoD approved PKI certificates for authentication to the DBMS. (stigviewer.com) for more details on the PKI requirement.