在oracle 10G前,我們在SHELL或JDBC中連接數(shù)據(jù)庫時,都需要輸入用戶名與密碼,并且都是明文。從1OGR2開始,ORACLE提供wallet這個工具,可以實現(xiàn)無需輸入用戶名與密碼就可以登陸數(shù)據(jù)庫,如下: 一般情況:sqlplus scott/Oracle@htzdg 用wallet后:sqlplus /@ht
在Oracle 10G前,我們在SHELL或JDBC中連接數(shù)據(jù)庫時,都需要輸入用戶名與密碼,并且都是明文。從1OGR2開始,ORACLE提供wallet這個工具,可以實現(xiàn)無需輸入用戶名與密碼就可以登陸數(shù)據(jù)庫,如下:
一般情況:sqlplus scott/Oracle@htzdg
用wallet后:sqlplus /@htzdg
測試環(huán)境:
server :solaris 10,Oracle 11gr2
client :win 7,Oracle11gr2
登陸端配置tnsnames.ora文件,增加下面幾行
HTZDG =
? (DESCRIPTION =
??? (ADDRESS_LIST =
????? (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.100.30)(PORT = 1521))
??? )
??? (CONNECT_DATA =
????? (SERVER = DEDICATED)
????? (SERVICE_NAME = htzdg)
??? )
? )
測試是否可以正常解析
C:Usersluoping>tnsping htzdg
TNS Ping Utility for 32-bit Windows: Version 11.2.0.1.0 – Production on 29-8月 –
2012 21:40:40
Copyright (c) 1997, 2010, Oracle.? All rights reserved.
已使用的參數(shù)文件:
D:appluopingproduct11.2.0client_1networkadminsqlnet.ora
已使用 TNSNAMES 適配器來解析別名
嘗試連接 (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.1
68.100.30)(PORT = 1521))) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = h
tzdg)))
OK (40 毫秒)
C:Usersluoping>
下面是開始配置wallet
??? 1,創(chuàng)建一個wallet
D:appluopingproduct11.2.0client_1BIN>mkstore -wrl D:appluopingproduct11.2.0client_1pstore -create
Oracle Secret Store Tool: 版本 11.2.0.1.0 – Production
版權(quán)所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有權(quán)利。
輸入口令:
再次輸入口令:
D:appluopingproduct11.2.0client_1BIN>cd ../
D:appluopingproduct11.2.0client_1>cd pstore
D:appluopingproduct11.2.0client_1pstore>dir
驅(qū)動器 D 中的卷是 DATA
卷的序列號是 D60C-09BD
D:appluopingproduct11.2.0client_1pstore 的目錄
2012/08/29? 15:39???
2012/08/29? 15:39???
2012/08/29? 15:39???????????? 3,589 cwallet.sso
2012/08/29? 15:39???????????? 3,512 ewallet.p12
?????????????? 2 個文件????????? 7,101 字節(jié)
?????????????? 2 個目錄 368,717,893,632 可用字節(jié)
?? 2,啟動wallet與指定wallet位置
D:appluopingproduct11.2.0client_1networkadmin>more sqlnet.ora
# sqlnet.ora Network Configuration File: D:appluopingproduct11.2.0client_1
networkadminsqlnet.ora
# Generated by Oracle configuration tools.
# This file is actually generated by netca. But if customers choose to
# install “Software Only”, this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=D:appluopingproduct11.2.0client_1pstore)))
SQLNET.WALLET_OVERRIDE=TRUE
???? 3,增加需要登陸的網(wǎng)絡(luò)服務(wù)名,用戶,密碼到wallet中
D:appluopingproduct11.2.0client_1BIN>mkstore -wrl D:appluopingproduct1
1.2.0client_1pstore -createCredential htzdg sys Oracle
Oracle Secret Store Tool: 版本 11.2.0.1.0 – Production
版權(quán)所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有權(quán)利。
輸入 Wallet 口令:
Create credential Oracle.security.client.connect_string1
???? 4,測試是否成功
D:appluopingproduct11.2.0client_1BIN>sqlplus /@htzdg as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期三 8月 29 17:48:27 2012
Copyright (c) 1982, 2010, Oracle.? All rights reserved.
連接到:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 – 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
??? 5,查看wallet中配置的網(wǎng)絡(luò)服務(wù)名
D:appluopingproduct11.2.0client_1BIN>mkstore -wrl d:appluopingproduct1
1.2.0client_1pstore -listCredential
Oracle Secret Store Tool: 版本 11.2.0.1.0 – Production
版權(quán)所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有權(quán)利。
輸入 Wallet 口令:
List credential (index: connect_string username)
1: htzdg sys
??? 6,一個網(wǎng)絡(luò)服務(wù)名,只能對應(yīng)一個用戶,如果相同的數(shù)據(jù)庫有多少用戶需要在同一個client通過wallet實現(xiàn)時,我們需要每一個用戶,創(chuàng)建一個網(wǎng)絡(luò)服務(wù)名。
??? 下面是測試一個網(wǎng)絡(luò)服務(wù)名,相增加兩個用戶時,報錯。
C:Usersluoping>mkstore -wrl D:appluopingproduct11.2.0client_1pstore -cre
ateCredential htzdg scott Oracle
Oracle Secret Store Tool: 版本 11.2.0.1.0 – Production
版權(quán)所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有權(quán)利。
輸入 Wallet 口令:
Create credential 出現(xiàn)密鑰存儲錯誤: Oracle.security.pki.OracleSecretStoreExcepti
on: Credential already exists
???? 7,當(dāng)密碼修改后,要手動更新wallet中相應(yīng)的密碼。不然要報錯的。
D:appluopingproduct11.2.0client_1BIN>sqlplus /@htzdg as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期三 8月 29 17:45:56 2012
Copyright (c) 1982, 2010, Oracle.? All rights reserved.
連接到:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 – 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
SQL> alter user sys identified by htz;
用戶已更改。
SQL> exit
從 Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 – 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options 斷
開
D:appluopingproduct11.2.0client_1BIN>sqlplus /@htzdg as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期三 8月 29 17:46:25 2012
Copyright (c) 1982, 2010, Oracle.? All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
請輸入用戶名:
D:appluopingproduct11.2.0client_1BIN>mkstore -wrl D:appluopingproduct1
1.2.0client_1pstore -modifyCredential htzdg sys
Oracle Secret Store Tool: 版本 11.2.0.1.0 – Production
版權(quán)所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有權(quán)利。
命令行中缺少您的密鑰/口令
請輸入您的密鑰/口令:
請重新輸入您的密鑰/口令:
輸入 Wallet 口令:
Modify credential
Modify 1
D:appluopingproduct11.2.0client_1BIN>
D:appluopingproduct11.2.0client_1BIN>mkstore -wrl D:appluopingproduct1
1.2.0client_1pstore -modifyCredential htzdg sys
Oracle Secret Store Tool: 版本 11.2.0.1.0 – Production
版權(quán)所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有權(quán)利。
命令行中缺少您的密鑰/口令
請輸入您的密鑰/口令:
請重新輸入您的密鑰/口令:
輸入 Wallet 口令:
Modify credential
Modify 1
D:appluopingproduct11.2.0client_1BIN>
D:appluopingproduct11.2.0client_1BIN>sqlplus /@htzdg as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期三 8月 29 17:48:27 2012
Copyright (c) 1982, 2010, Oracle.? All rights reserved.
連接到:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 – 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
???? 8,手動刪除wallet中的記錄
D:appluopingproduct11.2.0client_1BIN>mkstore -wrl d:appluopingproduct1
1.2.0client_1pstore -deleteCredential htzdg
Oracle Secret Store Tool: 版本 11.2.0.1.0 – Production
版權(quán)所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有權(quán)利。
輸入 Wallet 口令:
Delete credential
Delete 1
???? 9,mkstore命令幫忙手冊
D:appluopingproduct11.2.0client_1BIN>mkstore
Oracle Secret Store Tool: 版本 11.2.0.1.0 – Production
版權(quán)所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有權(quán)利。
mkstore [-wrl wrl] [-create] [-createSSO] [-createLSSO] [-createALO] [-delete] [
-deleteSSO] [-list] [-createEntry alias secret] [-viewEntry alias] [-modifyEntry
alias secret] [-deleteEntry alias] [-createCredential connect_string username p
assword] [-listCredential] [-modifyCredential connect_string username password]
[-deleteCredential connect_string] [-help] [-nologo]