Preliminary Use and Maintenance of Oracle Wallet in Oracle 10g R2

1)Role of Wallet

Starting from Oracle 10g R2, any user can log on to the database without a password by using Oracle Wallet (non-operating system authentication ), this is very useful for scripts that use user passwords to log on to the database for operations in shell, and does not expose the user password. for example, on the Oracle clientMkstore command settingsThe Wallet authentication information can be directly connected to the database through the "sqlplus/@ connect_string" method.

In this example, the u_test user does not need to use a password to log on to the system,The mkstore usage is as follows:

$$ ORACLE_HOME/bin/mkstore

Mkstore [-wrl] [-create] [-createSSO] [-delete] [-deleteSSO] [-list] [-createEntry alias secret] [-viewEntry alias] [-modifyEntry alias secret] [-deleteEntry alias] [-help]

 

 

2)Create a Wallet and store it inDirectory

$$ ORACLE_HOME/bin/mkstore-wrl $ ORACLE_HOME/network/admin/wallet-create

Enter password:<Enter the wallet password>

Enter password again:<Confirm wallet password>

$Ll $ ORACLE_HOME/network/admin/wallet

Total 16

-Rw ------- 1 oracle oinstall 7940 Sep 24 cwallet. sso

-Rw ------- 1 oracle oinstall 7912 Sep 24 ewallet. p12

 

3)Create a network connection string. Note that each network connection string corresponds to a database user.

$Vi $ ORACLE_HOME/network/admin/tnsnames. ora

Db_utest =

(DESCRIPTION =

(ADDRESS = (PROTOCOL = TCP) (HOST = DataGuard) (PORT = 1521 ))

(CONNECT_DATA =

(SERVER = DEDICATED)

(SERVICE_NAME = MNTR. LK)

)

)

 

4)Add User authentication information to Wallet

WhereDb_utest is the network connection string set earlier, and "iamENCY3 _" is the user's u_test password.

$$ ORACLE_HOME/bin/mkstore-wrl $ ORACLE_HOME/network/admin/wallet-createCredential db_utest u_test "iamENCY3 _"

Enter wallet password:<Enter the wallet password>

Create credential oracle. security. client. connect_string1

 

5)Confirm that the user authentication information has been added to the Wallet

$$ ORACLE_HOME/bin/mkstore-wrl $ ORACLE_HOME/network/admin/wallet-listCredential

Enter wallet password:<Enter the wallet password> 

List credential (index: connect_string username)

1: db_utest u_test

 

6)JoinThe Wallet location information is sent to sqlnet. ora.

$Vi $ ORACLE_HOME/network/admin/sqlnet. ora

WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY =/u01/app/oracle/product/10.2.0/db_1/network/admin/wallet )))

SQLNET. WALLET_OVERRIDE = TRUE

 

7)Log on to OWM (graphical interface) and check whether automatic logon is performed (default). In this step, check whether the logon can be ignored.

$$ ORACLE_HOME/bin/owm &

Open the directory/u01/app/oracle/product/10.2.0/db_1/network/admin/wallet and check whether "Auto Login" is selected from the menu bar.

 

8)Logon Test

$Sqlplus/@ db_utest

SQL * Plus: Release 10.2.0.4.0-Production on Thu Sep 24 14:05:17 2009

Copyright (c) 1982,200 7, Oracle. All Rights Reserved.

Connected:

Oracle Database 10g Enterprise Edition Release 10.2.0.4.0-Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>Show user;

USER is "U_TEST"

Logon successful. settings are complete! You can use it directly in shell later"Sqlplus/@ db_utest "logging on to the database does not require a password.

 

9)Test the password modification function.

SQL>Alter user u_test identified by "iamENCY3_2 ";

SQL>Exit

$Sqlplus/@ db_utest

SQL * Plus: Release 10.2.0.4.0-Production on Thu Sep 24 14:07:05 2009

Copyright (c) 1982,200 7, Oracle. All Rights Reserved.

ERROR:

ORA-01017: invalid username/password; logon denied

 

10)If the user password is changed, you need to modify the authentication information again.

$$ ORACLE_HOME/bin/mkstore-wrl $ ORACLE_HOME/network/admin/wallet/-modifyCredential db_utest u_test "iamENCY3_2"

Enter wallet password:<Enter the wallet password>

Modify credential

Modify 1

 

11)Delete the Wallet authentication method

$$ ORACLE_HOME/bin/mkstore-wrl $ ORACLE_HOME/network/admin/wallet/-deleteCredential db_utest

Enter wallet password:<Enter the wallet password>

Delete credential

Delete 1