Wallet: storing usernames and passwords externally, and the difference between createEntry and createCredential (Part 1)

Storing the username and password externally

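If you work with database content from shell scripts and do not want OS users to be able to read the user password in those scripts, you can use Oracle Wallet, provided by Oracle (called 钱包 or 钱夹 in Chinese). I mentioned it in my earlier post on transparent encryption. The contents of the wallet files are not readable. If the password is changed later, the wallet stops working as well; you can either modify the wallet or rebuild it.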

Creating a wallet with mkstore:

[oracle@anbob ~]$ which mkstore
/oracle10g/app/oracle/product/10.2.0/db_1/bin/mkstore
[oracle@anbob ~]$ mkstore -help
mkstore
[-wrl wrl]
[-create]
[-createSSO]
[-delete]
[-deleteSSO]
[-list]
[-createEntry alias secret]
[-viewEntry alias]
[-modifyEntry alias secret]
[-deleteEntry alias] [-help]

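You may end up creating several wallets; each of them should have its own directory.

Let's create one now, first using the createEntry option; the difference between the two options is discussed later.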

[oracle@anbob bin]$ cd $ORACLE_HOME/network/admin/
[oracle@anbob admin]$ mkdir -p wallets/anbob

[oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -create
Enter password:

Enter password again:
--979899

[oracle@anbob anbob]$ ll
total 16
-rw------- 1 oracle oinstall 7940 Jan 4 06:57 cwallet.sso
-rw------- 1 oracle oinstall 7912 Jan 4 06:57 ewallet.p12
-- configure tnsnames
[oracle@anbob anbob]$ tnsping anbob

TNS Ping Utility for Linux: Version 10.2.0.1.0 - Production on 04-1?-2012 06:57:32

Copyright (c) 1997, 2005, Oracle. All rights reserved.

Used parameter files:
/oracle10g/app/oracle/product/10.2.0/db_1/network/admin/sqlnet.ora

Adding the default wallet entries

We now add a default username and default user password to the wallet. The default username and password are used whenever the wallet is used. To do this we use the "-wrl" and "-createEntry" options.

[oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -createEntry oracle.security.client.default_username anbob;
Enter password:

Could not open wallet. Check password
-- the password to enter here is the wallet password created above, not the user password; the same applies below
[oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -createEntry oracle.security.client.default_username anbob;
Enter password:

[oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -createEntry oracle.security.client.default_password anbob;
Enter password:

Note: oracle.security.client.default_password is just an alias!

List Wallet Entries:

We now list the entries in the wallet using the mkstore "-list" option:

[oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -list
Enter password:

Oracle Secret Store entries:
oracle.security.client.default_password
oracle.security.client.default_username

[oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -viewEntry oracle.security.client.default_password
Enter password:

oracle.security.client.default_password = anbob

------------------
Note: this differs from the -createCredential method:
[oracle@primary wallet]$ $ORACLE_HOME/bin/mkstore -wrl $ORACLE_HOME/network/admin/wallet -createCredential
Enter password:
A credential created that way shows the TNS name and username when listed:
[oracle@primary wallet]$ $ORACLE_HOME/bin/mkstore -wrl $ORACLE_HOME/network/admin/wallet -listCredential
Enter password:

Configure the Wallet for use - sqlnet.ora: the wallet files above and the sqlnet.ora configuration live under the client path and can be copied.

We now have a wallet. The following entries are added to the sqlnet.ora file:

[oracle@anbob admin]$ vi sqlnet.ora
# sqlnet.ora Network Configuration File: /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

# append
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/wallets/anbob)
    )
  )

SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0
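
Because cwallet.sso is an auto-login wallet that opens without a password, anyone who can read it can connect as the stored user, so the owner-only permissions shown in the listing above matter. The shell functions below are an added example (not from the original post or from Oracle) that check those permissions and the two sqlnet.ora settings; the function names are hypothetical and the paths are whatever the caller passes in.

```shell
#!/bin/bash
# Added example: audit a wallet directory and sqlnet.ora before scripts rely on "sqlplus /@alias".
# Function names are hypothetical; cwallet.sso / ewallet.p12 are the files mkstore created above.

# Print the group/other permission characters of a path ("------" for mode 600 or 700).
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Return 0 only if the directory and both wallet files exist and are private to the owner.
check_wallet_dir() {
    local dir=$1 rc=0 f
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    for f in "$dir" "$dir/cwallet.sso" "$dir/ewallet.p12"; do
        if [ ! -e "$f" ]; then
            echo "FAIL: missing $f"; rc=1
        elif [ "$(group_other_bits "$f")" != "------" ]; then
            echo "FAIL: $f is accessible to group or other"; rc=1
        fi
    done
    return $rc
}

# Return 0 only if sqlnet.ora enables the wallet override and points at the given directory.
# Comment lines are ignored; whitespace is stripped so "(DIRECTORY = x)" and "(DIRECTORY=x)" match.
check_sqlnet() {
    local file=$1 dir=$2 rc=0
    grep -Eiq '^[[:space:]]*SQLNET\.WALLET_OVERRIDE[[:space:]]*=[[:space:]]*TRUE' "$file" \
        || { echo "FAIL: SQLNET.WALLET_OVERRIDE = TRUE not set in $file"; rc=1; }
    grep -v '^[[:space:]]*#' "$file" | tr -d '[:space:]' | grep -Fq "(DIRECTORY=$dir)" \
        || { echo "FAIL: WALLET_LOCATION does not reference $dir"; rc=1; }
    return $rc
}

# Run both checks when called as: wallet_audit.sh WALLET_DIR SQLNET_ORA
if [ $# -eq 2 ]; then
    check_wallet_dir "$1" && check_sqlnet "$2" "$1" && echo "OK: wallet files and sqlnet.ora look consistent"
fi
```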

Now test whether we can log in.
Log in to the local database:
[oracle@anbob admin]$ sqlplus /

SQL*Plus: Release 10.2.0.1.0 - Production on 骀涓 1?4 19:26:04 2012

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options

SQL> show user
USER is "ANBOB"
Log in to another server (this assumes the remote side also has the anbob user with the corresponding password):
[oracle@anbob admin]$ vi tnsnames.ora

#append
d191 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.191.11)(PORT = 1521))
    (CONNECT_DATA =
      (SERVICE_NAME = ncme)
    )
  )

[oracle@anbob admin]$ sqlplus /@d191

SQL*Plus: Release 10.2.0.1.0 - Production on 骀涓 1?4 19:27:16 2012

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options

SQL> show user
USER is "ANBOB"

That is the end of part one; the next post uses the second option.
