Thursday, 18 June 2015

Steps to configure Oracle Wallet for Storing schema password

   The following steps configure an Oracle wallet so that an authorized user does not need to specify a username and password when connecting to the database. This is helpful when shell scripts that must be executed contain the credentials in clear text. Once the wallet is configured, the credential information can be removed from the scripts and the database can be accessed using the alias specified in the wallet configuration.



  • Decide on the location of the Oracle wallet, for example "/u01/app/oracle/wallet".



  • Add the following lines to the sqlnet.ora file, which is located at $ORACLE_HOME/network/admin/sqlnet.ora

        WALLET_LOCATION =
           (SOURCE =
             (METHOD = FILE)
             (METHOD_DATA =
               (DIRECTORY = /u01/app/oracle/wallet)
             )
           )

        SQLNET.WALLET_OVERRIDE = TRUE
        SSL_CLIENT_AUTHENTICATION = FALSE
        SSL_VERSION = 0

    The SQLNET.WALLET_OVERRIDE entry allows this method to override any existing OS authentication configuration. 



  • Create an Oracle wallet in the previously specified location using the mkstore utility with the -create option. The wallet is password protected, but is defined with the "Auto Login" property enabled, so connection attempts by the user who created the wallet do not require a password. The utility prompts for a wallet password.

        $ mkdir /u01/app/oracle/wallet
        $ mkstore -wrl "/u01/app/oracle/wallet" -create
        Enter password:
        Enter password again:
        $

    Add the password credential to the wallet using the following command.

        $ mkstore -wrl "/u01/app/oracle/wallet" -createCredential db10g_test scott tiger
        Enter password:

        Create credential oracle.security.client.connect_string1

        $

    The db_alias, in this case "db10g_test", is the identifier used in the "/@db_alias" syntax, and must have a matching entry in the "tnsnames.ora" file.



  • If multiple users are present, simply add a new entry to the wallet using a different db_alias and make sure the alias is present in the "tnsnames.ora" file.
    Make a new entry for the "db10g" database in the client "tnsnames.ora" file.

        DB10G_TEST =
          (DESCRIPTION =
            (ADDRESS = (PROTOCOL = TCP)(HOST = <IP_ADDRESS>)(PORT = 1521))
            (CONNECT_DATA =
              (SERVER = DEDICATED)
              (SERVICE_NAME = <SID>)
            )
          )



  • Now connect to the "test" user as shown below.

        $ sqlplus /@db10g_test

        SQL*Plus: Release 10.2.0.1.0 - Production on Thu Jul 19 10:17:47 2007

        Copyright (c) 1982, 2005, Oracle.  All rights reserved.

        Connected to:
        Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
        With the Partitioning, Oracle Label Security, OLAP and Data Mining Scoring Engine options

        SQL> show user
        USER is "SCOTT"

        SQL>
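
To check the result of the steps above, the following added example (not part of the original post) scans shell scripts for Oracle client calls that still embed user/password and lists wallet paths that group or other can access. The function names, the sample scripts and the wallet file names ewallet.p12 and cwallet.sso are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit scripts and the wallet
# directory after moving credentials into the wallet.

# Print file:line:text for Oracle client calls that embed user/password.
# Wallet logins ("/@alias") have nothing before the slash, so they pass.
find_cleartext_logins() {
    grep -nHE '(^|[^[:alnum:]_])(sqlplus|sqlldr|exp|imp|expdp|impdp)[[:space:]]+(-[[:alnum:]]+[[:space:]]+)*"?[[:alnum:]_$#]+/[^[:space:]@/"]+(@|[[:space:]]|"|$)' "$@"
}

# Print the wallet directory and wallet files that group or other can access.
# Assumption: mkstore wrote its usual files, ewallet.p12 and cwallet.sso (the
# auto-login file, which opens without the wallet password).
loose_wallet_paths() {
    find "$1" \( -type d -o -name cwallet.sso -o -name ewallet.p12 \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# usage: audit WALLET_DIR SCRIPT...   returns 1 if anything was reported
audit() {
    wallet=$1; shift; status=0
    if hits=$(find_cleartext_logins "$@"); then
        printf 'cleartext login, use /@alias instead:\n%s\n' "$hits"; status=1
    fi
    loose=$(loose_wallet_paths "$wallet")
    if [ -n "$loose" ]; then
        printf 'accessible beyond owner, run chmod go-rwx:\n%s\n' "$loose"; status=1
    fi
    return "$status"
}

# Constructed demo input: one script still using scott/tiger, one converted,
# and a wallet directory left with default (too open) permissions.
demo=$(mktemp -d)
mkdir "$demo/wallet" && : > "$demo/wallet/cwallet.sso"
chmod 755 "$demo/wallet"; chmod 644 "$demo/wallet/cwallet.sso"
printf 'sqlplus -s scott/tiger@db10g_test @report.sql\n' > "$demo/old.sh"
printf 'sqlplus -s /@db10g_test @report.sql\n' > "$demo/new.sh"
audit "$demo/wallet" "$demo/old.sh" "$demo/new.sh" || echo 'fix the findings above, then re-run'
```

The scan also flags logins built from shell variables such as $USER/$PASS, since those scripts still handle the password outside the wallet.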
