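Starting with Oracle 10gR2, Oracle Wallet lets any database user log in without supplying a password (this is not operating-system authentication).
This is very useful for shell scripts that would otherwise need a username and password to connect to the database, because the password no longer has to be exposed.
For example, on the Oracle client you store the credentials in the wallet with the mkstore command and can then connect to the database directly with "sqlplus /@connect_string".
Example: the test user logs in without a password
1>mkstore is used as follows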
[oracle@primary ~]$ $ORACLE_HOME/bin/mkstore -wrl $ORACLE_HOME/network/admin/wallet -create
Enter password:
(enter the wallet password)
Enter password again:
(confirm the wallet password)
2>Check that the wallet directory was created
[oracle@primary ~]$ cd /data/oracle/product/10.2.1/network/admin/wallet/
[oracle@primary wallet]$ ll
total 16
-rw------- 1 oracle dba 7940 Mar 26 15:10 cwallet.sso
-rw------- 1 oracle dba 7912 Mar 26 15:10 ewallet.p12
3>Configure a connect string
primary =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.6.2)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SID = source)
)
)
4>Add the user's credentials to the wallet
[oracle@primary wallet]$ $ORACLE_HOME/bin/mkstore -wrl $ORACLE_HOME/network/admin/wallet -createCredential primary test "test"
Enter password:
(enter the wallet password)
Create credential oracle.security.client.connect_string1
5>Confirm the credentials were added to the wallet
[oracle@primary wallet]$ $ORACLE_HOME/bin/mkstore -wrl $ORACLE_HOME/network/admin/wallet -listCredential
Enter password:
List credential (index: connect_string username)
1: primary test
6>Add the wallet location to sqlnet.ora
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/data/oracle/product/10.2.1/network/admin/wallet)))
SQLNET.WALLET_OVERRIDE=TRUE
7>Verify
[oracle@primary admin]$ sqlplus /@primary
SQL*Plus: Release 10.2.0.1.0 - Production on Fri Mar 26 15:17:16 2010
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> show user
USER is "TEST"
SQL>
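Added example (not part of the original post): an auto-login wallet (cwallet.sso) lets any OS user who can read the file connect as the stored database user, so this script checks that sqlnet.ora points at the wallet with SQLNET.WALLET_OVERRIDE=TRUE and that the wallet files are private to their owner, as in the -rw------- listing in step 2. The function names and the make_sample helper are assumptions for illustration, and the sample files it creates are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: audit the client wallet set up in steps 1-6.
# Assumes sqlnet.ora spells the parameter names in upper case, as the post does.

# Print the DIRECTORY value of WALLET_LOCATION from a sqlnet.ora file ($1).
wallet_dir() {
    { grep -v '^[[:space:]]*#' "$1" | tr -d ' \t\r\n'; echo; } |
        sed -n 's/.*WALLET_LOCATION=.*DIRECTORY=\([^)]*\)).*/\1/p'
}

# Succeed only if SQLNET.WALLET_OVERRIDE=TRUE is set (not commented out).
override_on() {
    grep -v '^[[:space:]]*#' "$1" | tr -d ' \t\r' |
        grep -q '^SQLNET\.WALLET_OVERRIDE=TRUE$'
}

# Succeed only if cwallet.sso exists and no wallet file grants group/other access.
wallet_perms_ok() {
    [ -f "$1/cwallet.sso" ] || { echo "FAIL: $1/cwallet.sso not found"; return 1; }
    for f in "$1/cwallet.sso" "$1/ewallet.p12"; do
        [ -e "$f" ] || continue
        perms=$(ls -ld "$f" | cut -c5-10)   # group+other bits, "------" when private
        [ "$perms" = "------" ] || { echo "FAIL: $f is accessible to group/other"; return 1; }
    done
    return 0
}

# Run all checks against one sqlnet.ora ($1).
audit_wallet() {
    dir=$(wallet_dir "$1")
    [ -n "$dir" ] || { echo "FAIL: no WALLET_LOCATION in $1"; return 1; }
    override_on "$1" || { echo "FAIL: SQLNET.WALLET_OVERRIDE is not TRUE"; return 1; }
    wallet_perms_ok "$dir" || return 1
    echo "OK: wallet in $dir"
}

# Constructed sample: temp dir with empty wallet files of mode $1; prints sqlnet.ora path.
make_sample() {
    d=$(mktemp -d); mkdir "$d/wallet"
    : > "$d/wallet/cwallet.sso"; : > "$d/wallet/ewallet.p12"
    chmod "$1" "$d/wallet/cwallet.sso" "$d/wallet/ewallet.p12"
    printf '%s\n' \
        "WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$d/wallet)))" \
        "SQLNET.WALLET_OVERRIDE=TRUE" > "$d/sqlnet.ora"
    echo "$d/sqlnet.ora"
}

if [ $# -gt 0 ]; then audit_wallet "$1"; fi
```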
----------------------------------------------------------------------------------------------------
Basic wallet management
1. list the contents of the external password store
mkstore -wrl /oracle/product/10.2.0/Db_1/network/admin -listCredential
2. add database login credentials:
mkstore -wrl /oracle/product/10.2.0/Db_1/network/admin -createCredential <connect_string> <username> <password>
3. modify database login credentials:
mkstore -wrl /oracle/product/10.2.0/Db_1/network/admin -modifyCredential <connect_string> <username> <password>
4. delete database login credentials:
mkstore -wrl /oracle/product/10.2.0/Db_1/network/admin -deleteCredential <connect_string>