
Oracle wallet practice and common operation

2025-02-22 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

What the wallet does

Starting with Oracle 10g R2, a user can log in to the database without typing a password (this is not operating-system authentication) by using Oracle Wallet. This is very useful for shell scripts that need to log in as a database user without exposing that user's password in the script. For example, on the Oracle client you store the authentication information in the wallet with the mkstore command, and can then connect to the database directly with "sqlplus /@connect_string".

In this example, the sysrls user logs in without entering a password. The usage of mkstore is as follows:

$ $ORACLE_HOME/bin/mkstore

mkstore [-wrl wrl] [-create] [-createSSO] [-delete] [-deleteSSO] [-list] [-createEntry alias secret] [-viewEntry alias] [-modifyEntry alias secret] [-deleteEntry alias] [-help]

1) Install Oracle Client

2) Create the wallet storage directory and modify .bash_profile

mkdir /home/sysrls/wallet

vi .bash_profile

ORACLE_BASE=/opt/oraapp
ORACLE_HOME=/opt/oraapp/client/12.1.0.2_x64_DBAocl030
TNS_ADMIN=$ORACLE_HOME/network/admin/
PATH=$ORACLE_HOME/bin:$PATH
LD_LIBRARY_PATH=${ORACLE_HOME}/lib:${LD_LIBRARY_PATH}
LANG="en_US.UTF-8"
NLS_LANG="AMERICAN_AMERICA.AL32UTF8"
ORA_NLS10=$ORACLE_HOME/nls/data
export ORACLE_BASE LANG ORACLE_HOME PATH LD_LIBRARY_PATH NLS_LANG ORA_NLS10 TNS_ADMIN

3) Generate the wallet

$ $ORACLE_HOME/bin/mkstore -wrl /home/sysrls/wallet -create

Enter password:

Enter password again:

[sysrls@cnl20059850 wallet]$ ll
total 8
-rw-------. 1 sysrls sysrls 581 Jul 18 11:01 cwallet.sso
-rw-rw-rw-. 1 sysrls sysrls 0 Jul 18 10:52 cwallet.sso.lck
-rw-------. 1 sysrls sysrls 536 Jul 18 11:01 ewallet.p12
-rw-rw-rw-. 1 sysrls sysrls 0 Jul 18 10:52 ewallet.p12.lck

4) Modify the network configuration

vi $ORACLE_HOME/network/admin/tnsnames.ora

CRCDB =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 133.9.207.35)(PORT = 2001))
    )
    (CONNECT_DATA = (SERVER = DEDICATED)(SERVICE_NAME = CRCDB)
    )
  )

$ vi $ORACLE_HOME/network/admin/sqlnet.ora

WALLET_LOCATION = (SOURCE = (METHOD = FILE)(METHOD_DATA = (DIRECTORY = /home/sysrls/wallet)))

SQLNET.WALLET_OVERRIDE = TRUE

5) Generate a credential for a specific database user

$ORACLE_HOME/bin/mkstore -wrl /home/u_test/wallet -createCredential CRCDB wallet test123

5) Confirm that the user's authentication information has been added to the wallet

$ORACLE_HOME/bin/mkstore -wrl $ORACLE_HOME/network/admin/wallet -listCredential
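The following check is an added example, not part of the original article. Because cwallet.sso is the auto-login file that lets sqlplus open the wallet without a password prompt, anyone who can read it can use the stored credentials, so the script verifies owner-only permissions on the wallet and that sqlnet.ora points at it as in step 4. The function names check_wallet and loose_mode are made up for this example, and the 700/600 modes are this example's assumption of a sane baseline.

```bash
#!/bin/bash
# Added example: audit a client-side wallet set up as in steps 2-4.
# check_wallet WALLET_DIR SQLNET_ORA -> prints findings, returns their count.

# Succeeds if group or other hold any permission bit on $1.
loose_mode() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

check_wallet() {
    dir=${1%/} ora=$2 findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    [ -d "$dir" ] || { flag "$dir is not a directory"; return "$findings"; }
    loose_mode "$dir" && flag "$dir is accessible to group/other (want 700)"

    # cwallet.sso opens without a password; ewallet.p12 is password-protected.
    # The zero-byte .lck files are deliberately not checked.
    for f in cwallet.sso ewallet.p12; do
        if [ ! -f "$dir/$f" ]; then
            flag "$dir/$f is missing"
        elif loose_mode "$dir/$f"; then
            flag "$dir/$f is accessible to group/other (want 600)"
        fi
    done

    # Compare sqlnet.ora with all whitespace removed
    # (wallet paths that contain spaces are not handled).
    flat=$(cat "$ora" 2>/dev/null | tr -d ' \t\r\n')
    case $flat in
        *"(DIRECTORY=$dir)"*|*"(DIRECTORY=$dir/)"*) ;;
        *) flag "WALLET_LOCATION in $ora does not point to $dir" ;;
    esac
    printf '%s' "$flat" | grep -qi 'SQLNET\.WALLET_OVERRIDE=TRUE' ||
        flag "SQLNET.WALLET_OVERRIDE=TRUE not set in $ora"

    return "$findings"
}

# Usage: check_wallet /home/sysrls/wallet "$TNS_ADMIN/sqlnet.ora"
```

A return value of 0 means no findings; running it from cron or before a batch job catches a wallet that was copied or restored with looser permissions.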

6) How to generate a wallet and make it usable only on the local machine

Oracle Wallet is a container that stores authentication and signing credentials.

Trusted certificates are stored in the Oracle Wallet when the wallet is used for security credentials.

PeopleSoft enables you to create an Oracle Wallet in two ways:

ORAPKI command line - The ORAPKI tool is available with Oracle database, so this tool can be used only by those users who have a license for Oracle database.

OpenSSL utility - Users who do not have a license for Oracle database can use this utility to create their own certificates.

After creating an Oracle Wallet, you must configure SSL for the Workstation Listener and Jolt Listener ports to ensure secure client and server communications.

7) Maintenance

Create a credential in the wallet

mkstore -wrl /home/sysrls/wallet/ -createCredential CRCDB wallet Frank

Oracle Secret Store Tool: Version 12.1.0.2

Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

Create credential oracle.security.client.connect_string1

View authentication information in wallet

[sysrls@cnl20059850 wallet]$ mkstore -wrl /home/sysrls/wallet -listCredential

Oracle Secret Store Tool: Version 12.1.0.2

Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

List credential (index: connect_string username)

1: CRCDB wallet

[sysrls@cnl20059850 wallet]$

Modify authentication information in wallet

[sysrls@cnl20059850 wallet]$ mkstore -wrl /home/sysrls/wallet/ -modifyCredential CRCDB wallet test2

Oracle Secret Store Tool: Version 12.1.0.2

Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

Modify credential

Modify 1

Delete authentication information in wallet

mkstore -wrl /home/sysrls/wallet -deleteCredential CRCDB

View entries in wallet

[sysrls@cnl20059850 wallet]$ mkstore -wrl /home/sysrls/wallet/ -list

Oracle Secret Store Tool: Version 12.1.0.2

Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

Oracle Secret Store entries:

oracle.security.client.connect_string1
oracle.security.client.password1
oracle.security.client.username1

View the value of an entry in wallet

[sysrls@cnl20059850 wallet]$ mkstore -wrl /home/sysrls/wallet/ -viewEntry oracle.security.client.connect_string1

Oracle Secret Store Tool: Version 12.1.0.2

Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

oracle.security.client.connect_string1 = CRCDB

[sysrls@cnl20059850 wallet]$ mkstore -wrl /home/sysrls/wallet/ -viewEntry oracle.security.client.username1

Oracle Secret Store Tool: Version 12.1.0.2

Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

oracle.security.client.username1 = wallet

[sysrls@cnl20059850 wallet]$ mkstore -wrl /home/sysrls/wallet/ -viewEntry oracle.security.client.password1

Oracle Secret Store Tool: Version 12.1.0.2

Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

oracle.security.client.password1 = test2

Change the password of the wallet file

orapki wallet change_pwd -wallet /home/sysrls/wallet/

A small menu-driven maintenance script is attached:

#!/bin/bash
# Menu-driven maintenance of the wallet in /home/sysrls/wallet/
MKSTORE=/opt/oraapp/client/12.1.0.2_x64_DBAocl030/bin/mkstore
ORAPKI=/opt/oraapp/client/12.1.0.2_x64_DBAocl030/bin/orapki
WALLET=/home/sysrls/wallet/

echo -e "Useful action\n"
echo -e "1) create wallet"
echo -e "2) create Credential"
echo -e "3) check the created Credential"
echo -e "4) modify the created Credential"
echo -e "5) delete the created Credential"
echo -e "6) list Credential item"
echo -e "7) list Credential Entry value"
echo -e "8) modify wallet password"
echo -e "9) exit"
read -p "choose your action:" num1

# Passwords are fed to mkstore on stdin in the order it prompts for them.
# printf '%s\n' is used so that % and \ in a password are passed literally.
case $num1 in
1)  echo -e "Please enter wallet password:\n"
    read -rs password
    printf '%s\n%s\n' "$password" "$password" | "$MKSTORE" -wrl "$WALLET" -create
    echo -e "wallet create success\n"
    ;;
2)  echo -e "Please enter wallet password:"
    read -rs password
    read -p "Please enter database tnsname:" tnsname
    read -p "Please enter database user:" user
    echo -n "Please enter database user's password:"
    read -rs dbpass
    printf '%s\n%s\n%s\n' "$dbpass" "$dbpass" "$password" | "$MKSTORE" -wrl "$WALLET" -createCredential "$tnsname" "$user"
    echo -e "Credential create success\n"
    ;;
3)  echo -e "Please enter wallet password:\n"
    read -rs password
    printf '%s\n' "$password" | "$MKSTORE" -wrl "$WALLET" -listCredential
    ;;
4)  echo -e "Please enter wallet password:"
    read -rs password
    read -p "Please enter database tnsname:" tnsname
    read -p "Please enter database user:" user
    echo -n "Please enter database user's password:"
    read -rs dbpass
    printf '%s\n%s\n%s\n' "$dbpass" "$dbpass" "$password" | "$MKSTORE" -wrl "$WALLET" -modifyCredential "$tnsname" "$user"
    echo -e "modifyCredential success\n"
    ;;
5)  echo -e "Please enter wallet password:"
    read -rs password
    read -p "Please enter database tnsname:" tnsname
    printf '%s\n' "$password" | "$MKSTORE" -wrl "$WALLET" -deleteCredential "$tnsname"
    echo -e "deleteCredential success\n"
    ;;
6)  echo -e "Please enter wallet password:"
    read -rs password
    printf '%s\n' "$password" | "$MKSTORE" -wrl "$WALLET" -list
    ;;
7)  echo -e "Please enter wallet password:"
    read -rs password
    read -p "Please enter Entryname type:" type
    if [ "$type" = "connect" ]; then
        printf '%s\n' "$password" | "$MKSTORE" -wrl "$WALLET" -viewEntry oracle.security.client.connect_string1
    fi
    if [ "$type" = "user" ]; then
        printf '%s\n' "$password" | "$MKSTORE" -wrl "$WALLET" -viewEntry oracle.security.client.username1
    fi
    if [ "$type" = "password" ]; then
        printf '%s\n' "$password" | "$MKSTORE" -wrl "$WALLET" -viewEntry oracle.security.client.password1
    fi
    ;;
8)  "$ORAPKI" wallet change_pwd -wallet "$WALLET"
    ;;
9)  exit 0
    ;;
esac
