Connecting to Oracle using Kerberos

Questions
1

Describe the problem/error/question

I’m trying to connect to an Oracle database using Kerberos (network user). I created a container with all the Oracle dependencies, changed the necessary environment variables, generated the keytap file so that a username and password are not required, and I have an active session.
I can connect via the terminal using sqlplus, I made a script that uses “oracledb” in Node and it connects to the database. However, on the frontend I am unable to establish the connection to validate the credentials. Has anyone done this type of configuration before and could help me? Is it possible to connect via network user with Kerberos?

What is the error message (if any)?

On the frontend, it throws an error if the username isn’t provided:
ORA-24415: Missing or null username. Help: ORA-24415 - Database Error Messages
And if the username is provided, it generates this error, even with the correct username and password:
ORA-01017: invalid username/password; logon denied Help: ORA-01017 - Database Error Messages

Information on your n8n setup

  • n8n version: 2.8.4
  • Database (default: SQLite): Postgres
  • n8n EXECUTIONS_PROCESS setting (default: own, main): main
  • Running n8n via (Docker, npm, n8n cloud, desktop app): Docker
  • Operating system: Oracle Linux
2

What you’re seeing makes sense if the Oracle node’s credential test path assumes username/password auth. Your container can connect with Kerberos because sqlplus / your custom Node script are using the Oracle client + Kerberos config directly, but n8n’s built-in credential validation is still trying to build a normal login payload, which is why you get ORA-24415 without a username and ORA-01017 when it falls back to password auth.

So yes, Kerberos can work at the driver level, but the important question is whether the n8n Oracle node currently supports validating and opening connections in external-auth mode. A quick way to confirm is: skip the credential test if possible, run an actual Oracle node execution inside the same container, and check whether the runtime connection succeeds when the Kerberos ticket is already present. If runtime works but “test credentials” fails, that points to a node limitation rather than a Kerberos setup issue.

Also worth checking: whether the node always requires username/password fields in its UI schema, and whether it exposes any equivalent of externalAuth / wallet / OS-auth mode. If not, you may need to use a Code node or custom node that calls the same oracledb connection method as your working script instead of the built-in Oracle credential flow.

3

Hi @AGJ_DESENVOLVIMENTO , welcome to the n8n community!

I haven’t set this up myself, but this looks like an n8n UI limitation. Since Kerberos works in sqlplus and with oracledb, the issue seems to be the credential test, which expects username/password. I’d try a Code node, custom node, or external wrapper instead.

4

had this exact thing last year — oracle node just doesnt do kerberos auth in the credential flow, it always expects user/pass. since your oracledb script works fine in the same container, the Code node is honestly the quickest fix. just replicate the connection call you already have, keytab and env vars carry over.

5

yeah, the Oracle node doesn’t expose Kerberos auth. your quickest path forward is a Code node that imports oracledb directly — you’ve already proven your keytab and env vars work, so the Node.js driver should connect the same way. just mount the keytab file and you’re good.

6

yeah, the Oracle node doesn’t expose Kerberos auth. your quickest path forward is a Code node that imports oracledb directly — you’ve already proven your keytab and env vars work, so the Node.js driver should connect the same way. just mount the keytab file and you’re good.