oracle无+密码登陆,Oracle 11g通过wallet实现无密码登录

创建一个目录来存放wallet

[oracle@localhost trace]$ mkdir -p/u01/app/oracle/wallets

在客户端通过下面命令创建一个wallet

[oracle@localhost trace]$ mkstore -wrl /u01/app/oracle/wallets -create

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter password:

Enter password again:

输入的密码是wallet的管理密码，在创建具体用户的wallet时需要用到

在目录下会生成下面文件

[oracle@localhost wallets]$ ls/u01/app/oracle/wallets

cwallet.sso  ewallet.p12

创建数据库连接证书

[oracle@localhost trace]$ mkstore -wrl /u01/app/oracle/wallets -createCredential DB_FIRE  scott

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Your secret/Password is missing in the command line

Enter your secret/Password:        # 输入scott的密码

Re-enter your secret/Password:        # 再次输入scott的密码

Enter wallet password:               # 输入wallet的管理密码

Create credential oracle.security.client.connect_string1

/u01/app/oracle/wallets是在之前创建的wallet存放路径

DB_FIRE是TNS中的连接名

scott是数据库中的用户名

[oracle@localhost admin]$ cat tnsnames.ora

DB_FIRE =

(DESCRIPTION =

(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1536))

(CONNECT_DATA =

(SERVER = DEDICATED)

(SERVICE_NAME = OTA4GSRV)

)

)

在sqlnet.ora文件中，编辑WALLET_LOCATION参数，将目录路径设置为上面创建的wallet存放路径

SQLNET.WALLET_OVERRIDE参数为TRUE，会覆盖系统本身存在的外部安全认证，启用数据库认证

[oracle@localhost admin]$ vi sqlnet.ora

WALLET_LOCATION =

(SOURCE =

(METHOD = FILE)

(METHOD_DATA =

(DIRECTORY = /u01/app/oracle/wallets)

)

)

SQLNET.WALLET_OVERRIDE = TRUE

SSL_CLIENT_AUTHENTICATION = FALSE

SSL_VERSION = 0

通过下面方式实现无密码登录

[oracle@localhost admin]$ sqlplus /@DB_FIRE

SQL*Plus: Release 11.2.0.4.0 Production on Wed Jan 11 11:59:47 2017

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>

查看外部密码存放内容

[oracle@localhost admin]$ mkstore -wrl /u01/app/oracle/wallets -listCredential

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

List credential (index: connect_string username)

1: DB_FIRE scott

删除外部密码存放的证书

[oracle@localhost admin]$ mkstore -wrl /u01/app/oracle/wallets -deleteCredential DB_FIRE  scott

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

Delete credential

Delete 1

test invalid

Invalid command: scott

[oracle@localhost admin]$ mkstore -wrl /u01/app/oracle/wallets -listCredential

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

List credential (index: connect_string username)

删除证书后，通过无密码方式登录时，会提示错误

[oracle@localhost admin]$ sqlplus /@DB_FIRE

SQL*Plus: Release 11.2.0.4.0 Production on Wed Jan 11 14:27:27 2017

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

ERROR:

ORA-01017: invalid username/password; logon denied