Create a directory to hold the wallet
[oracle@localhost trace]$ mkdir -p /u01/app/oracle/wallets
On the client, create a wallet with the following command
[oracle@localhost trace]$ mkstore -wrl /u01/app/oracle/wallets -create
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter password:
Enter password again:
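The password entered here is the wallet's administration password; it is needed later when creating a credential for a specific user in the wallet
The following files are generated in the directory
[oracle@localhost wallets]$ ls /u01/app/oracle/wallets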
cwallet.sso ewallet.p12
Create the database connection credential
[oracle@localhost trace]$ mkstore -wrl /u01/app/oracle/wallets -createCredential DB_FIRE scott
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Your secret/Password is missing in the command line
Enter your secret/Password: # enter scott's password
Re-enter your secret/Password: # enter scott's password again
Enter wallet password: # enter the wallet administration password
Create credential oracle.security.client.connect_string1
/u01/app/oracle/wallets is the wallet directory created earlier
DB_FIRE is the connection name defined in TNS
scott is the database user name
[oracle@localhost admin]$ cat tnsnames.ora
DB_FIRE =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1536))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = OTA4GSRV)
)
)
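In sqlnet.ora, edit the WALLET_LOCATION parameter and set its directory path to the wallet directory created above
With SQLNET.WALLET_OVERRIDE set to TRUE, the wallet overrides any external authentication already configured on the system and database authentication is used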
[oracle@localhost admin]$ vi sqlnet.ora
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/wallets)
)
)
SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0
Log in without typing a password as follows
[oracle@localhost admin]$ sqlplus /@DB_FIRE
SQL*Plus: Release 11.2.0.4.0 Production on Wed Jan 11 11:59:47 2017
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
List the contents of the external password store
[oracle@localhost admin]$ mkstore -wrl /u01/app/oracle/wallets -listCredential
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
List credential (index: connect_string username)
1: DB_FIRE scott
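Delete the credential from the external password store (-deleteCredential takes only the connect string, so the trailing scott is reported as "Invalid command: scott" in the output below; the credential is still deleted)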
[oracle@localhost admin]$ mkstore -wrl /u01/app/oracle/wallets -deleteCredential DB_FIRE scott
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
Delete credential
Delete 1
test invalid
Invalid command: scott
[oracle@localhost admin]$ mkstore -wrl /u01/app/oracle/wallets -listCredential
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
List credential (index: connect_string username)
After the credential is deleted, a password-less login attempt fails with an error
[oracle@localhost admin]$ sqlplus /@DB_FIRE
SQL*Plus: Release 11.2.0.4.0 Production on Wed Jan 11 14:27:27 2017
Copyright (c) 1982, 2013, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
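
cwallet.sso is the auto-login copy of the wallet and is opened without the wallet password, so the stored scott credential is only as protected as the file permissions on the directory named in WALLET_LOCATION. The script below is an added example, not part of the original procedure: it reads that directory from a sqlnet.ora and reports any group or other permission bits on the directory, cwallet.sso and ewallet.p12. The function names (wallet_dir_from_sqlnet, audit_wallet, demo) are hypothetical, and the demo runs against a constructed throwaway wallet under mktemp.

```shell
#!/bin/sh
# Added example (not from the original page): audit permissions of the wallet named in sqlnet.ora.

# Print the DIRECTORY value of the WALLET_LOCATION block (upper-case keywords assumed).
wallet_dir_from_sqlnet() {
    awk '
        /^[ \t]*WALLET_LOCATION/ { in_block = 1 }
        in_block && match($0, /DIRECTORY[ \t]*=[ \t]*[^)]*/) {
            val = substr($0, RSTART, RLENGTH)
            sub(/^DIRECTORY[ \t]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            print val; exit
        }' "$1"
}

# Print one line per exposed path. Returns 0 if clean, 1 if any group/other
# permission bit is set, 2 if no wallet directory could be resolved.
audit_wallet() {
    dir=$(wallet_dir_from_sqlnet "$1")
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "no wallet directory resolved from $1"
        return 2
    fi
    found=0
    for path in "$dir" "$dir/cwallet.sso" "$dir/ewallet.p12"; do
        [ -e "$path" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        mode=$(ls -ld "$path" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "EXPOSED: $path (group/other bits: $mode)"
            found=1
        fi
    done
    return $found
}

# Constructed sample: a throwaway wallet directory with a world-readable cwallet.sso.
demo() {
    tmp=$(mktemp -d) && mkdir -m 700 "$tmp/wallets"
    : > "$tmp/wallets/cwallet.sso"; : > "$tmp/wallets/ewallet.p12"
    chmod 600 "$tmp/wallets/ewallet.p12"; chmod 644 "$tmp/wallets/cwallet.sso"
    printf 'WALLET_LOCATION =\n(SOURCE =\n(METHOD = FILE)\n(METHOD_DATA =\n(DIRECTORY = %s)\n)\n)\n' "$tmp/wallets" > "$tmp/sqlnet.ora"
    audit_wallet "$tmp/sqlnet.ora"; rc=$?
    rm -rf "$tmp"
    return $rc
}

demo || echo "demo wallet flagged, as constructed"
```

To check a real client, pass the path of its sqlnet.ora to audit_wallet; an exit status of 0 means the directory and both wallet files are accessible by their owner only.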