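Wallet: storing usernames and passwords externally, and the difference between createEntry and createCredential (Part 1)
Storing usernames and passwords externally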
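If you work with database content from shell scripts and do not want other OS users to be able to read the database user's password out of the script, you can use Oracle Wallet, which Oracle provides for this purpose. I mentioned it in my earlier post on transparent encryption. The contents of the wallet files are not readable. If the database password is changed later, the wallet stops working as well;
you can either modify the wallet or rebuild it.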
Creating a wallet with mkstore:

    [oracle@anbob ~]$ which mkstore
    /oracle10g/app/oracle/product/10.2.0/db_1/bin/mkstore
    [oracle@anbob ~]$ mkstore -help
    mkstore [-wrl wrl] [-create] [-createSSO] [-delete] [-deleteSSO] [-list] [-createEntry alias secret] [-viewEntry alias] [-modifyEntry alias secret] [-deleteEntry alias] [-help]
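You may end up creating several wallets; each of them should have its own directory.
We start by creating the entries with the createEntry option; the difference between the two options is covered later.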
    [oracle@anbob bin]$ cd $ORACLE_HOME/network/admin/
    [oracle@anbob admin]$ mkdir -p wallets/anbob
    [oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -create
    Enter password:
    Enter password again:
    --979899
    [oracle@anbob anbob]$ ll
    total 16
    -rw------- 1 oracle oinstall 7940 Jan 4 06:57 cwallet.sso
    -rw------- 1 oracle oinstall 7912 Jan 4 06:57 ewallet.p12

Configure tnsnames:

    [oracle@anbob anbob]$ tnsping anbob
    TNS Ping Utility for Linux: Version 10.2.0.1.0 - Production on 04-1?-2012 06:57:32
    Copyright (c) 1997, 2005, Oracle. All rights reserved.
    Used parameter files:
    /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/sqlnet.ora

Add the default wallet entries
We now add a default username and default user password to the wallet. The default username and password are used whenever the wallet is used. To do this we use the "-wrl" and "-createEntry" options.

    [oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -createEntry oracle.security.client.default_username anbob;
    Enter password:
    Could not open wallet. Check password

The password entered at this prompt is the wallet password created above, not the database user's password. The same applies to the commands below.

    [oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -createEntry oracle.security.client.default_username anbob;
    Enter password:
    [oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -createEntry oracle.security.client.default_password anbob;
    Enter password:

Note: oracle.security.client.default_password is just an alias!

List Wallet Entries: We now list the entries in the wallet using the mkstore "-list" option:

    [oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -list
    Enter password:
    Oracle Secret Store entries:
    oracle.security.client.default_password
    oracle.security.client.default_username
    [oracle@anbob anbob]$ mkstore -wrl $ORACLE_HOME/network/admin/wallets/anbob -viewEntry oracle.security.client.default_password
    Enter password:
    oracle.security.client.default_password = anbob

Note: this differs from the createCredential method shown here:

    [oracle@primary wallet]$ $ORACLE_HOME/bin/mkstore -wrl $ORACLE_HOME/network/admin/wallet -createCredential
    Enter password:

Entries created that way show the TNS name and the username when listed:

    [oracle@primary wallet]$ $ORACLE_HOME/bin/mkstore -wrl $ORACLE_HOME/network/admin/wallet -listCredential
    Enter password:

Configure the Wallet for use - sqlnet.ora:
The wallet files above and the path configured in sqlnet.ora are client-side paths, and they can be copied.
We now have a wallet. The following entries are added to the sqlnet.ora file:
    [oracle@anbob admin]$ vi sqlnet.ora
    # sqlnet.ora Network Configuration File: /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/sqlnet.ora
    # Generated by Oracle configuration tools.
    NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
    # append
    WALLET_LOCATION =
      (SOURCE =
        (METHOD = FILE)
        (METHOD_DATA =
          (DIRECTORY = /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/wallets/anbob)
        )
      )
    SQLNET.WALLET_OVERRIDE = TRUE
    SSL_CLIENT_AUTHENTICATION = FALSE
    SSL_VERSION = 0

Next, test whether we can log in.
Log in to the local database:

    [oracle@anbob admin]$ sqlplus /
    SQL*Plus: Release 10.2.0.1.0 - Production on 骀涓 1?4 19:26:04 2012
    Copyright (c) 1982, 2005, Oracle. All rights reserved.
    Connected to:
    Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
    With the Partitioning, OLAP and Data Mining options
    SQL> show user
    USER is "ANBOB"

Log in to another server. This requires that the remote database also has an anbob user with the corresponding password.
    [oracle@anbob admin]$ vi tnsnames.ora
    #append
    d191 =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.191.11)(PORT = 1521))
        (CONNECT_DATA =
          (SERVICE_NAME = ncme)
        )
      )
    [oracle@anbob admin]$ sqlplus /@d191
    SQL*Plus: Release 10.2.0.1.0 - Production on 骀涓 1?4 19:27:16 2012
    Copyright (c) 1982, 2005, Oracle. All rights reserved.
    Connected to:
    Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
    With the Partitioning, OLAP and Data Mining options
    SQL> show user
    USER is "ANBOB"

That is the end of part one; the next post uses the second option.
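
As an added example (not part of the original post), the shell function below audits the setup built above: both wallet files exist with owner-only permissions as in the `ll` listing, WALLET_LOCATION in sqlnet.ora points at the wallet directory, and SQLNET.WALLET_OVERRIDE = TRUE is set. The name `audit_wallet` is hypothetical, and the function assumes upper-case parameter names and a wallet path without spaces.

```shell
#!/bin/sh
# Added example, not from the original post. audit_wallet is a hypothetical name.
# Usage: audit_wallet <wallet_dir> <path/to/sqlnet.ora>
# Returns 0 when every check passes, 1 otherwise; findings go to stdout.
audit_wallet() {
    wallet_dir=$1 sqlnet=$2 rc=0

    # 1. Both wallet files must exist and be private to the owner, matching
    #    the -rw------- listing above. cwallet.sso is the auto-login wallet,
    #    so file permissions are what keep other OS users away from it.
    for f in cwallet.sso ewallet.p12; do
        if [ ! -f "$wallet_dir/$f" ]; then
            echo "FAIL: $wallet_dir/$f is missing"; rc=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        bits=$(ls -ld "$wallet_dir/$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "FAIL: $f is accessible to group/other ($bits)"; rc=1
        fi
    done

    # 2. Flatten sqlnet.ora: drop comment lines and all whitespace so the
    #    multi-line WALLET_LOCATION block can be matched as one string.
    #    Assumption: upper-case parameter names, path without spaces.
    flat=$(grep -v '^[[:space:]]*#' "$sqlnet" | tr -d ' \t\r\n')

    # 3. WALLET_LOCATION must point at the directory that was audited.
    conf_dir=$(printf '%s\n' "$flat" |
        sed -n 's/.*WALLET_LOCATION=.*(DIRECTORY=\([^)]*\)).*/\1/p')
    if [ "$conf_dir" != "$wallet_dir" ]; then
        echo "FAIL: WALLET_LOCATION is '$conf_dir', expected '$wallet_dir'"; rc=1
    fi

    # 4. The post sets SQLNET.WALLET_OVERRIDE = TRUE for its "/" logins.
    case "$flat" in
        *SQLNET.WALLET_OVERRIDE=TRUE*) ;;
        *) echo "FAIL: SQLNET.WALLET_OVERRIDE = TRUE not set"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: wallet and sqlnet.ora checks passed"
    return "$rc"
}
```

Run it as the oracle OS user, for example `audit_wallet $ORACLE_HOME/network/admin/wallets/anbob $ORACLE_HOME/network/admin/sqlnet.ora` with the paths used in this post.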