首页 » ORACLE » wallet,外部存储用户名密码,createEntry与createCredential区别(一)

wallet,外部存储用户名密码,createEntry与createCredential区别(一)

外部存储用户名密码

如果在shell中处理数据库内容,又不想从os用户随便看到脚本中的用户密码,可以用oracle提供的Oracle Wallet,中文钱包或钱夹,在我以前的透明加密时有用提到过. wallet文件内容是不可读的. 如果日后可以修改了密码,wallet也随着失效,
可以修改wallet也可以重建

Wallet 创建方法 – mkstore:

[oracle@anbob ~]$ which mkstore
/oracle10g/app/oracle/product/10.2.0/db_1/bin/mkstore
[oracle@anbob ~]$ mkstore -help
mkstore
[-wrl wrl]
[-create]
[-createSSO]
[-delete]
[-deleteSSO]
[-list]
[-createEntry alias secret]
[-viewEntry alias]
[-modifyEntry alias secret]
[-deleteEntry alias] [-help]

有可能会创建多个wallets, 它们每个都应该有自己的目录

下面开始创建先用参数createEntry ,稍后再说两个区别

[oracle@anbob bin]$ cd $ORACLE_HOME/network/admin/
[oracle@anbob admin]$ mkdir -p wallets/anbob

[oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -create
Enter password:

Enter password again:
--979899

[oracle@anbob anbob]$ ll
total 16
-rw------- 1 oracle oinstall 7940 Jan 4 06:57 cwallet.sso
-rw------- 1 oracle oinstall 7912 Jan 4 06:57 ewallet.p12
--配置tnsnames
[oracle@anbob anbob]$ tnsping anbob

TNS Ping Utility for Linux: Version 10.2.0.1.0 - Production on 04-1?-2012 06:57:32

Copyright (c) 1997, 2005, Oracle. All rights reserved.

Used parameter files:
/oracle10g/app/oracle/product/10.2.0/db_1/network/admin/sqlnet.ora

增加Default Wallet记录

We now add a default username and default user password to the wallet. The default username and password are used whenever the wallet is used. To do this we use the "-wrl" and "-createEntry" options

[oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -createEntry oracle.security.client.default_username anbob;
Enter password:

Could not open wallet. Check password
--这时输入的是wallet的上面建的钱包密码非用户密码,下面也是
[oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -createEntry oracle.security.client.default_username anbob;
Enter password:

[oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -createEntry oracle.security.client.default_password anbob;
Enter password:

note:oracle.security.client.default_password 只是个别名而已!

List Wallet Entries:

We now list the entries in the wallet using the mkstore "-list" option:

[oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -list
Enter password:

Oracle Secret Store entries:
oracle.security.client.default_password
oracle.security.client.default_username

[oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -viewEntry oracle.security.client.default_password
Enter password:

oracle.security.client.default_password = anbob

------------------
note:这里有别于
[oracle@primary wallet]$ $ORACLE_HOME/bin/mkstore -wrl $ORACLE_HOME/network/admin/wallet -createCredential
Enter password: 的方法,这种创建会显示tnsname,用户名
[oracle@primary wallet]$ $ORACLE_HOME/bin/mkstore -wrl $ORACLE_HOME/network/admin/wallet -listCredential
Enter password:

Configure the Wallet for use - sqlnet.ora: 上面的文件和sqlnet.ora配置路径是client路径,可以copy

现在我们就有了一个钱夹. The following entries are added to the sqlnet.ora file:

[oracle@anbob admin]$ vi sqlnet.ora
# sqlnet.ora Network Configuration File: /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

# append
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/wallets/anbob)
)
)

SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0

下面测试看是否可以登录
登录本机
[oracle@anbob admin]$ sqlplus /

SQL*Plus: Release 10.2.0.1.0 - Production on 骀涓 1?4 19:26:04 2012

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options

SQL> show user
USER is "ANBOB"
登录其它服务器--前提对方也有anbob用户及相应密码
[oracle@anbob admin]$ vi tnsnames.ora

#append
d191 =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.191.11)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = ncme)
)
)
)

[oracle@anbob admin]$ sqlplus /@d191

SQL*Plus: Release 10.2.0.1.0 - Production on 骀涓 1?4 19:27:16 2012

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options

SQL> show user
USER is "ANBOB"

每一部分到这,下篇用第二个参数

打赏

对不起,这篇文章暂时关闭评论。