在Oracle 10G前,我们在SHELL或JDBC中连接数据库时,都需要输入用户名与密码,并且都是明文。从1OGR2开始,ORACLE提供wallet这个工具,可以实现无需输入用户名与密码就可以登陆数据库,如下: 一般情况:sqlplus scott/Oracle@htzdg 用wallet后:sqlplus /@ht
在Oracle 10G前,我们在SHELL或JDBC中连接数据库时,都需要输入用户名与密码,并且都是明文。从1OGR2开始,ORACLE提供wallet这个工具,可以实现无需输入用户名与密码就可以登陆数据库,如下:
一般情况:sqlplus scott/Oracle@htzdg
用wallet后:sqlplus /@htzdg
测试环境:
server :solaris 10,Oracle 11gr2
client :win 7,Oracle11gr2
登陆端配置tnsnames.ora文件,增加下面几行
HTZDG =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.100.30)(PORT = 1521))
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = htzdg)
)
)
测试是否可以正常解析
C:\Users\luoping>tnsping htzdg
TNS Ping Utility for 32-bit Windows: Version 11.2.0.1.0 - Production on 29-8月 -
2012 21:40:40
Copyright (c) 1997, 2010, Oracle. All rights reserved.
已使用的参数文件:
D:\app\luoping\product\11.2.0\client_1\network\admin\sqlnet.ora
已使用 TNSNAMES 适配器来解析别名
尝试连接 (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.1
68.100.30)(PORT = 1521))) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = h
tzdg)))
OK (40 毫秒)
C:\Users\luoping>
下面是开始配置wallet
1,创建一个wallet
D:\app\luoping\product\11.2.0\client_1\BIN>mkstore -wrl D:\app\luoping\product\11.2.0\client_1\pstore -create
Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
输入口令:
再次输入口令:
D:\app\luoping\product\11.2.0\client_1\BIN>cd ../
D:\app\luoping\product\11.2.0\client_1>cd pstore
D:\app\luoping\product\11.2.0\client_1\pstore>dir
驱动器 D 中的卷是 DATA
卷的序列号是 D60C-09BD
D:\app\luoping\product\11.2.0\client_1\pstore 的目录
2012/08/29 15:39
.
2012/08/29 15:39 ..
2012/08/29 15:39 3,589 cwallet.sso
2012/08/29 15:39 3,512 ewallet.p12
2 个文件 7,101 字节
2 个目录 368,717,893,632 可用字节
2,启动wallet与指定wallet位置
D:\app\luoping\product\11.2.0\client_1\network\admin>more sqlnet.ora
# sqlnet.ora Network Configuration File: D:\app\luoping\product\11.2.0\client_1\
network\admin\sqlnet.ora
# Generated by Oracle configuration tools.
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=D:\app\luoping\product\11.2.0\client_1\pstore)))
SQLNET.WALLET_OVERRIDE=TRUE
3,增加需要登陆的网络服务名,用户,密码到wallet中
D:\app\luoping\product\11.2.0\client_1\BIN>mkstore -wrl D:\app\luoping\product\1
1.2.0\client_1\pstore -createCredential htzdg sys Oracle
Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
输入 Wallet 口令:
Create credential Oracle.security.client.connect_string1
4,测试是否成功
D:\app\luoping\product\11.2.0\client_1\BIN>sqlplus /@htzdg as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期三 8月 29 17:48:27 2012
Copyright (c) 1982, 2010, Oracle. All rights reserved.
连接到:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
5,查看wallet中配置的网络服务名
D:\app\luoping\product\11.2.0\client_1\BIN>mkstore -wrl d:\app\luoping\product\1
1.2.0\client_1\pstore -listCredential
Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
输入 Wallet 口令:
List credential (index: connect_string username)
1: htzdg sys
6,一个网络服务名,只能对应一个用户,如果相同的数据库有多少用户需要在同一个client通过wallet实现时,我们需要每一个用户,创建一个网络服务名。
下面是测试一个网络服务名,相增加两个用户时,报错。
C:\Users\luoping>mkstore -wrl D:\app\luoping\product\11.2.0\client_1\pstore -cre
ateCredential htzdg scott Oracle
Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
输入 Wallet 口令:
Create credential 出现密钥存储错误: Oracle.security.pki.OracleSecretStoreExcepti
on: Credential already exists
7,当密码修改后,要手动更新wallet中相应的密码。不然要报错的。
D:\app\luoping\product\11.2.0\client_1\BIN>sqlplus /@htzdg as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期三 8月 29 17:45:56 2012
Copyright (c) 1982, 2010, Oracle. All rights reserved.
连接到:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
SQL> alter user sys identified by htz;
用户已更改。
SQL> exit
从 Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options 断
开
D:\app\luoping\product\11.2.0\client_1\BIN>sqlplus /@htzdg as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期三 8月 29 17:46:25 2012
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
请输入用户名:
D:\app\luoping\product\11.2.0\client_1\BIN>mkstore -wrl D:\app\luoping\product\1
1.2.0\client_1\pstore -modifyCredential htzdg sys
Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
命令行中缺少您的密钥/口令
请输入您的密钥/口令:
请重新输入您的密钥/口令:
输入 Wallet 口令:
Modify credential
Modify 1
D:\app\luoping\product\11.2.0\client_1\BIN>
D:\app\luoping\product\11.2.0\client_1\BIN>mkstore -wrl D:\app\luoping\product\1
1.2.0\client_1\pstore -modifyCredential htzdg sys
Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
命令行中缺少您的密钥/口令
请输入您的密钥/口令:
请重新输入您的密钥/口令:
输入 Wallet 口令:
Modify credential
Modify 1
D:\app\luoping\product\11.2.0\client_1\BIN>
D:\app\luoping\product\11.2.0\client_1\BIN>sqlplus /@htzdg as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期三 8月 29 17:48:27 2012
Copyright (c) 1982, 2010, Oracle. All rights reserved.
连接到:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
8,手动删除wallet中的记录
D:\app\luoping\product\11.2.0\client_1\BIN>mkstore -wrl d:\app\luoping\product\1
1.2.0\client_1\pstore -deleteCredential htzdg
Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
输入 Wallet 口令:
Delete credential
Delete 1
9,mkstore命令帮忙手册
D:\app\luoping\product\11.2.0\client_1\BIN>mkstore
Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
mkstore [-wrl wrl] [-create] [-createSSO] [-createLSSO] [-createALO] [-delete] [
-deleteSSO] [-list] [-createEntry alias secret] [-viewEntry alias] [-modifyEntry
alias secret] [-deleteEntry alias] [-createCredential connect_string username p
assword] [-listCredential] [-modifyCredential connect_string username password]
[-deleteCredential connect_string] [-help] [-nologo]
声明:本网页内容旨在传播知识,若有侵权等问题请及时与本网联系,我们将在第一时间删除处理。TEL:177 7030 7066 E-MAIL:11247931@qq.com