Wallet: storing usernames and passwords externally, and the difference between createEntry and createCredential (Part 2)

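Continuing from the previous post.

The wallet files can be copied to a different machine; you only need to modify the client's sqlnet.ora. In 11g, orapki is used in place of mkstore.

Now I'll run another experiment, this time with the -createCredential parameter. Although it is not shown in mkstore's help, it can still be used. Note that I switched to a different wallet directory.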

In tnsnames.ora, copy an existing entry to create another alias
d191_11 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.191.11)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = ncme)
    )
  )

Create the wallet
[oracle@anbob weejar]$ mkstore -wrl /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/wallets/weejar -create
Enter password:         

Enter password again: 
-- entered 963852

[oracle@anbob weejar]$ ls
cwallet.sso  ewallet.p12
Put money in the wallet (add a credential)
[oracle@anbob weejar]$ mkstore -wrl /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/wallets/weejar -createCredential d191_11 weejar weejar123
Enter password:         
   
Create credential oracle.security.client.connect_string1
[oracle@anbob weejar]$ mkstore -wrl /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/wallets/weejar -createCredential d191_11 anbob anbob
Enter password:         

Create credential Secret Store error occured: oracle.security.pki.OracleSecretStoreException: Credential already exists

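note: the -createCredential parameter is followed by tnsname dbusername dbpassword. The password prompted for after pressing Enter is the one entered when the wallet was created. I deliberately triggered the error here as a reminder that each tnsname can map to only one user connection.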

List the wallet contents
[oracle@anbob weejar]$ mkstore -wrl /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/wallets/weejar -listCredential
Enter password:         
   
List credential (index: connect_string username)
1: d191_11 weejar

Modify sqlnet.ora

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
WALLET_LOCATION =
   (SOURCE =
     (METHOD = FILE)
     (METHOD_DATA =
       (DIRECTORY = /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/wallets/weejar)
     )
   )

SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0

[oracle@anbob admin]$ sqlplus /@d191_11

SQL*Plus: Release 10.2.0.1.0 - Production on 骀涓 1?4 21:11:58 2012

Copyright (c) 1982, 2005, Oracle.  All rights reserved.


Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options

SQL> show user
USER is "WEEJAR"

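note: the wallet stores the password outside the database rather than in plaintext, and the wallet files can be copied between machines. createEntry only binds a username and password, whereas createCredential binds the tnsname, username and password. Each tnsname maps to one credential, and each wallet has its own directory. Finally, log in with sqlplus /@tnsname. You can also change the wallet password or delete entries. This took me two days..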
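An added example, not part of the original post: cwallet.sso is an auto-login wallet and, as noted above, the wallet files keep working when copied to another machine, so any account that can read them can connect as the stored user. The shell functions below (their names are hypothetical) read the wallet DIRECTORY from sqlnet.ora and flag a wallet directory or file that is accessible to group or others.

```shell
# Added example: audit the wallet directory that sqlnet.ora points at.
# cwallet.sso is an auto-login wallet: whoever can read it can run
# "sqlplus /@alias" as the stored user without typing any password.

# Print the first (DIRECTORY = ...) value found in the sqlnet.ora file $1.
wallet_dir_from_sqlnet() {
    sed -n 's/.*(DIRECTORY *= *\([^) ]*\) *).*/\1/p' "$1" | head -n 1
}

# Print the group/other permission bits of $1, e.g. "r-xr-x" or "------".
group_other_bits() {
    ls -ldL "$1" | cut -c5-10
}

# Check the wallet directory $1 and its two files, one line per finding.
# A missing path is reported but not counted as an exposure.
# Returns 0 if nothing is accessible to group or others, 1 otherwise.
audit_wallet() {
    dir=$1
    status=0
    for f in "$dir" "$dir/cwallet.sso" "$dir/ewallet.p12"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"
            continue
        fi
        bits=$(group_other_bits "$f")
        if [ "$bits" != "------" ]; then
            echo "EXPOSED $f (group/other bits: $bits)"
            status=1
        fi
    done
    return $status
}

# Audit the wallet referenced by the sqlnet.ora file $1.
# Returns 2 when the file names no wallet directory.
audit_sqlnet() {
    dir=$(wallet_dir_from_sqlnet "$1")
    if [ -z "$dir" ]; then
        echo "no wallet DIRECTORY found in $1"
        return 2
    fi
    audit_wallet "$dir"
}

# When run as a script: sh audit_wallet.sh /path/to/sqlnet.ora
[ "$#" -eq 0 ] || audit_sqlnet "$1"
```

An EXPOSED line is cleared by restricting the directory to mode 700 and both files to mode 600 for the account that runs the client.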
