A First Look at Oracle Wallet
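1. What is a wallet
A data structure used to store and manage security credentials for an individual entity.
Starting with Oracle 10gR2, Oracle Wallet lets a user log in to the database without supplying a password (this is not operating-system authentication), which is very useful for scripts that log in to the database to do their work. It particularly suits enterprises with strict security requirements that do not want usernames and passwords stored in cleartext in configuration files. Password maintenance is also very convenient: for example, if the wallet is kept at a designated path, then when the password changes you only need to overwrite the wallet everywhere, which is especially handy when there are many application servers.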
2. Creating and managing a wallet
1. Create the wallet
[[email protected] ~]$ mkdir -p /tmp/test_wallet
[[email protected] ~]$ mkstore -wrl /tmp/test_wallet -create
[[email protected] ~]$ cd /tmp/test_wallet/
[[email protected] test_wallet]$ ls
cwallet.sso ewallet.p12
Configure the connect string in tnsnames.ora
WALLET_OCP11G =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = daidai.com)(PORT = 1522))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = ocp11g)
)
)
Configure sqlnet.ora
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/tmp/test_wallet)))
SQLNET.WALLET_OVERRIDE = TRUE
Add the database login credentials to the wallet
[[email protected] ~]$ mkstore --help
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
No wallet location specified.
mkstore [-wrl wrl] [-create] [-createSSO] [-createLSSO] [-createALO] [-delete] [-deleteSSO] [-list] [-createEntry alias secret] [-viewEntry alias] [-modifyEntry alias secret] [-deleteEntry alias] [-createCredential connect_string username password] [-listCredential] [-modifyCredential connect_string username password] [-deleteCredential connect_string] [-help] [-nologo]
[[email protected] ~]$ mkstore -wrl /tmp/test_wallet -createCredential wallet_ocp11g daidai love8013
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:l 3
Create credential oracle.security.client.connect_string1
Test the connection
At this point you can connect using the wallet
[[email protected] ~]$ sqlplus /@wallet_ocp11g
SQL*Plus: Release 11.2.0.4.0 Production on Tue Jun 14 14:47:49 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
2. Manage the wallet
The wallet is also managed with the mkstore command
List credentials
[[email protected] ~]$ mkstore -wrl /tmp/test_wallet -listCredential
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:love801 3
List credential (index: connect_string username)
1: wallet_ocp11g daidai
Change a user's password in the wallet
[[email protected] ~]$ mkstore -wrl /tmp/test_wallet -modifyCredential wallet_ocp11g daidai love8014
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:love80
Modify credential
Modify 1
[[email protected] ~]$ sqlplus @/wallet_ocp11g
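SQL*Plus: Release 11.2.0.4.0 Production on Tue Jun 14 14:58:35 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
SP2-0310: unable to open file "/wallet_ocp11g.sql"
Enter user-name: daidai
Enter password: -- entering the correct password here logs in; a wrong password does not
Note that the command above was typed as @/wallet_ocp11g, which SQL*Plus reads as a script name (hence SP2-0310), so this login was checked with a typed password rather than through the wallet; the wallet form is sqlplus /@wallet_ocp11g.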
Delete a user's credential from the wallet
[[email protected] ~]$ mkstore -wrl /tmp/test_wallet -listCredential
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:lov e8
List credential (index: connect_string username)
1: wallet_ocp11g daidai
[[email protected] ~]$ mkstore -wrl /tmp/test_wallet -deleteCredential wallet_ocp11g
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password: ove801 3
Delete credential
Delete 1
View the detailed credential entries in the wallet
[[email protected] ~]$ mkstore -wrl /tmp/test_wallet -list
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:l e8 013
Oracle Secret Store entries:
oracle.security.client.connect_string1
oracle.security.client.password1
oracle.security.client.username1
[[email protected] ~]$ mkstore -wrl /tmp/test_wallet -viewEntry oracle.security.client.connect_string1
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:lo ve8
oracle.security.client.connect_string1 = wallet_ocp11g
Change the contents of a credential entry in the wallet
mkstore -wrl /tmp/test_wallet -modifyEntry oracle.security.client.password1 skatepwd1
mkstore -wrl /tmp/test_wallet -modifyEntry oracle.security.client.username1 skate1
3. Migrating a Linux wallet to Windows 7
Following the Linux setup, edit tnsnames.ora [IP & port] and sqlnet.ora [wallet path], and remember to test connectivity
mkstore -wrl e:/test_wallet -create
Copy the wallet files out of Linux and overwrite the wallet files on Windows
I have not tested migrating from Windows to Linux.
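The wallet in this post lives under /tmp, and section 3 shows that copied wallet files are meant to work on another machine, so the file permissions on cwallet.sso and ewallet.p12 are what protect the stored login. The shell check below is an added example, not part of the original post: it reads the wallet directory from a sqlnet.ora and reports wallet files that group or other users can access; the function names and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the DIRECTORY value of WALLET_LOCATION from a sqlnet.ora file
# (assumes upper-case parameter names, as in the post, and no spaces in the path).
wallet_dir() {
    grep -v '^[[:space:]]*#' "$1" | tr -d ' \t\r\n' |
        sed -n 's/.*WALLET_LOCATION=.*(DIRECTORY=\([^)]*\)).*/\1/p'
}

# Group and other permission bits of a path, e.g. "------" for mode 600 or 700.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Print one finding per line.
# Returns 0 if clean, 1 on findings, 2 if the wallet directory cannot be resolved.
audit_wallet() {
    dir=$(wallet_dir "$1")
    findings=0
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "NO_WALLET_DIR ${dir:-unset}"
        return 2
    fi
    # /tmp and /var/tmp are shared by every local account.
    case "$dir" in
        /tmp/*|/var/tmp/*) echo "TEMP_PATH $dir"; findings=1 ;;
    esac
    for f in "$dir" "$dir/cwallet.sso" "$dir/ewallet.p12"; do
        [ -e "$f" ] || continue
        if [ "$(group_other_bits "$f")" != "------" ]; then
            echo "LOOSE_PERMS $f"
            findings=1
        fi
    done
    # cwallet.sso is the auto-login copy: it opens without the wallet password.
    if [ -f "$dir/cwallet.sso" ]; then
        echo "AUTO_LOGIN $dir/cwallet.sso"
    fi
    return "$findings"
}

# Run as: sh audit_wallet.sh /path/to/sqlnet.ora
if [ "$#" -gt 0 ]; then
    audit_wallet "$1"
fi
```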
This article comes from the “90SirDB” blog; please be sure to keep this attribution: http://90sirdb.blog.51cto.com/8713279/1789136