About password-less logon in Oracle and MySQL

About password-less logon in Oracle and MySQL

Password-less logon can simplify the process to a certain extent. It is a good choice if it is password-sensitive but requires access permissions. It is a tangle of passwords and passwords, especially when Party B performs some operations. If you don't want to work, it will affect information security.

There are corresponding solutions in Oracle and MySQL. The goal of this function is similar.

In Oracle, you can set wallet to implement it. It is supported in 10 Gb. In MySQL, -- login-path can be used for version 5.6.

Let's take a look at the wallet in Oracle to achieve password-free login. You can configure it through mkstore. We can use -- help to get help from the command.

[Ora11g @ oel1 admin] $ mkstore -- help
Oracle Secret Store Tool: Version 11.2.0.1.0-Production
Copyright (c) 2004,200 9, Oracle and/or its affiliates. All rights reserved.
No wallet location specified.
Mkstore [-wrl] [-create] [-createSSO] [-createLSSO] [-createALO] [-delete] [-deleteSSO] [-list] [-createEntry alias secret] [-viewEntry alias] [-modifyEntry alias secret] [-deleteEntry alias] [-createCredential connect_string username password] [-listCredential] [-modifyCredential connect_string username password] [-deleteCredential connect_string] [-help] [-nologo]
First, we will create a wallet and specify the wallet path as/u02/ora11g/wallet. There are still some requirements for the password, which is too simple to work.
$ Mkstore-wrl/u02/ora11g/wallet-create
Oracle Secret Store Tool: Version 11.2.0.1.0-Production
Copyright (c) 2004,200 9, Oracle and/or its affiliates. All rights reserved.
Enter password:
Enter password again:
After the wallet is generated, two files are generated under the specified path.
$ Ll
Total 8
-Rw ------- 1 ora11g dba 3589 May 17 cwallet. sso
-Rw ------- 1 ora11g dba 3512 May 17 ewallet. p12
We can specify a temporary connection string to configure it in the wallet. For example, we think test11g is a temporary connection string, and we can use tnsping for testing to ensure that the connection string is accessible.
$ Tnsping test11g
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP) (HOST = oel1.oracle.com) (PORT = 1511) (CONNECT_DATA = (SERVICE_NAME = TEST11G )))
OK (0 msec)
After the configuration is complete, we need to configure the wallet path in sqlnet. ora before logon. The content to be configured in sqlnet. ora is as follows:
$ Cat sqlnet. ora
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY =/u02/ora11g/wallet)
)
)

SQLNET. WALLET_OVERRIDE = true
After these configurations are completed, we can specify the corresponding connection string and the corresponding user name and password.
$ Mkstore-wrl/u02/ora11g/wallet-createCredential test11g n1
Oracle Secret Store Tool: Version 11.2.0.1.0-Production
Copyright (c) 2004,200 9, Oracle and/or its affiliates. All rights reserved.
Enter wallet password: l 1
Create credential oracle. security. client. connect_string1
After the configuration is complete, we can verify it.
$ Sqlplus/@ test11g
SQL * Plus: Release 11.2.0.1.0 Production on Sun May 17 21:45:59 2015
With the Partitioning, OLAP, Data Mining and Real Application Testing options
N1 @ TEST11G>

If you use MySQL for implementation, You need to configure it through mysql_config_editor.
The Command Prompt for mysql_config_editor is as follows. It can be seen that the available options are relatively simple.
[Mysql @ oel1 ~] $ Mysql_config_editor set -- help
Mysql_config_editor Ver 1.0 Distrib 5.6.23, for linux-glibc2.5 on i686
Copyright (c) 2012,201 5, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
Affiliates. Other names may be trademarks of their respective
Owners.

MySQL Configuration Utility.
Description: Write a login path to the login file.
Usage: mysql_config_editor [program options] [set [command options]
-?, -- Help Display this help and exit.
-H, -- host = name Host name to be entered into the login file.
-G, -- login-path = name
Name of the login path to use in the login file. (Default
: Client)
-P, -- password Prompt for password to be entered into the login file.
-U, -- user = name User name to be entered into the login file.
-S, -- socket = name Socket path to be entered into login file.
-P, -- port = name Port number to be entered into login file.
-W, -- warn Warn and ask for confirmation if set command attempts
Overwrite an existing login path (enabled by default ).
(Defaults to on; use -- skip-warn to disable .)
We can directly use a command to complete the configuration. The alias for this password-less logon is fastlogin.

[Mysql @ oel1 ~] $ Mysql_config_editor set -- login-path = fastlogin -- user = root -- host = localhost -- password -- socket =/u02/mysql/mysqld_mst.sock
Enter password:
After the configuration is complete, a hidden file. mylogin. cnf is generated in the current path.
[Mysql @ oel1 ~] $ Ll-la. mylogin *
-Rw ------- 1 mysql dba 480 May 17. mylogin. cnf
[Mysql @ oel1 ~] $
You can log on directly at this time.
[Mysql @ oel1 ~] $ Mysql -- login-path = fastlogin
Welcome to the MySQL monitor. Commands end with; or \ g.
Your MySQL connection id is 3
Server version: 5.6.23-enterprise-Internal cial-advanced-log MySQL Enterprise Server-Advanced Edition (commercial)
Copyright (c) 2000,201 5, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
Affiliates. Other names may be trademarks of their respective
Owners.
Type 'help; 'or' \ H' for help. type' \ C' to clear the current input statement.
Mysql>