- wallet creation
# I usually place it under TNS_ADMIN or one level below in a separate
# directory, e.g. TNS_ADMIN=/oracle/admin/network/admin and then the wallet
# is in /oracle/admin/network/wallet
# the call requires specifying a password twice, which is a global
# password to the wallet
$ mkstore -wrl /oracle/admin/network/wallet/my.wallet -create
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter password:
Enter password again:
- adding entries to the wallet
- creating an entry in tnsnames.ora, as one will connect through that entry without a password
alias_in_tns =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP) (HOST = host1) (PORT = 1521))
    (CONNECT_DATA = (SERVICE_NAME = service1)))
- creating credentials for user1 in the wallet (alias_in_tns is the TNS entry created above, user1 the schema name, pass is the password)
[oracle@ap-murex1t admin]$ mkstore -wrl [path to wallet directory] \
    -createCredential alias_in_tns user1 pass
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:
Create credential oracle.security.client.connect_string1
By default, permissions on the wallet directory are set only for the wallet owner, so other users get ORA-12578 and are asked for credentials. Limiting access to the wallet this way makes perfect sense. However, sometimes you need it on a test environment, and may get around it simply by setting permissions for others as well.
The whole thing works, of course, only if one provides the correct information in the sqlnet.ora file.
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = [path to wallet directory])))
SQLNET.WALLET_OVERRIDE = TRUE
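A check for the two things described above, the owner-only wallet permissions and the sqlnet.ora entries, as an added example that is not part of the original post. The function names are hypothetical; it assumes the parameters are written in upper case as shown and that the wallet path contains no whitespace.

```shell
#!/bin/sh
# Added example (not from the original post): audit a wallet set up as above.

# Print wallet paths that grant any permission to group or others.
loose_wallet_paths() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print sqlnet.ora without comment lines and whitespace, as a single line.
# Assumption: the wallet path itself contains no whitespace.
sqlnet_flat() {
    grep -v '^[[:space:]]*#' "$1" | tr -d '[:space:]'
}

# check_wallet <wallet_dir> <sqlnet.ora>
# Returns 0 when the wallet is owner-only and sqlnet.ora points at it,
# 1 when a check fails, 2 when an input is missing.
check_wallet() {
    wallet_dir=$1 sqlnet=$2 rc=0
    [ -d "$wallet_dir" ] || { echo "FAIL: no wallet directory $wallet_dir"; return 2; }
    [ -r "$sqlnet" ] || { echo "FAIL: cannot read $sqlnet"; return 2; }

    loose=$(loose_wallet_paths "$wallet_dir")
    if [ -n "$loose" ]; then
        echo "FAIL: accessible beyond the wallet owner:"; echo "$loose"; rc=1
    fi

    flat=$(sqlnet_flat "$sqlnet")
    # Pull the DIRECTORY value out of the WALLET_LOCATION entry.
    configured=$(printf '%s\n' "$flat" |
        sed -n 's/.*WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=\([^)]*\)))).*/\1/p')
    if [ "$configured" != "$wallet_dir" ]; then
        echo "FAIL: WALLET_LOCATION directory is '$configured', expected $wallet_dir"; rc=1
    fi

    case $flat in
        *SQLNET.WALLET_OVERRIDE=TRUE*) ;;
        *) echo "FAIL: SQLNET.WALLET_OVERRIDE = TRUE is not set"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $wallet_dir"
    return "$rc"
}
```

Run it as the wallet owner, for example `check_wallet /oracle/admin/network/wallet/my.wallet "$TNS_ADMIN/sqlnet.ora"`, after any change to a test environment's permissions.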