在ORACLE 10G前,我们在SHELL或JDBC中连接数据库时,都需要输入用户名与密码,并且都是明文。从1OGR2开始,ORACLE提供wallet这个工具,可以实现无需输入用户名与密码就可以登陆数据库,如下:
一般情况:sqlplus scott/oracle@htzdg
用wallet后:sqlplus /@htzdg
测试环境:
server :solaris 10,oracle 11gr2
client :win 7,oracle11gr2
登陆端配置tnsnames.ora文件,增加下面几行
- HTZDG =
- (DESCRIPTION =
- (ADDRESS_LIST =
- (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.100.30)(PORT = 1521))
- )
- (CONNECT_DATA =
- (SERVER = DEDICATED)
- (SERVICE_NAME = htzdg)
- )
- )
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
测试是否可以正常解析
- C:\Users\luoping>tnsping htzdg
- TNS Ping Utility for 32-bit Windows: Version 11.2.0.1.0 - Production on 29-8月 -
- 2012 21:40:40
- Copyright (c) 1997, 2010, Oracle. All rights reserved.
- 已使用的参数文件:
- D:\app\luoping\product\11.2.0\client_1\network\admin\sqlnet.ora
- 已使用 TNSNAMES 适配器来解析别名
- 尝试连接 (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.1
- 68.100.30)(PORT = 1521))) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = h
- tzdg)))
- OK (40 毫秒)
- C:\Users\luoping>
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
下面是开始配置wallet
1,创建一个wallet
- D:\app\luoping\product\11.2.0\client_1\BIN>mkstore -wrl D:\app\luoping\product\11.2.0\client_1\pstore -create
- Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
- 版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
- 输入口令:
- 再次输入口令:
- D:\app\luoping\product\11.2.0\client_1\BIN>cd ../
- D:\app\luoping\product\11.2.0\client_1>cd pstore
- D:\app\luoping\product\11.2.0\client_1\pstore>dir
- 驱动器 D 中的卷是 DATA
- 卷的序列号是 D60C-09BD
- D:\app\luoping\product\11.2.0\client_1\pstore 的目录
- 2012/08/29 15:39 <DIR> .
- 2012/08/29 15:39 <DIR> ..
- 2012/08/29 15:39 3,589 cwallet.sso
- 2012/08/29 15:39 3,512 ewallet.p12
- 2 个文件 7,101 字节
- 2 个目录 368,717,893,632 可用字节
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
2,启动wallet与指定wallet位置
- D:\app\luoping\product\11.2.0\client_1\network\admin>more sqlnet.ora
- # sqlnet.ora Network Configuration File: D:\app\luoping\product\11.2.0\client_1\
- network\admin\sqlnet.ora
- # Generated by Oracle configuration tools.
- # This file is actually generated by netca. But if customers choose to
- # install "Software Only", this file wont exist and without the native
- # authentication, they will not be able to connect to the database on NT.
- SQLNET.AUTHENTICATION_SERVICES= (NTS)
- NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
- WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=D:\app\luoping\product\11.2.0\client_1\pstore)))
- SQLNET.WALLET_OVERRIDE=TRUE
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
3,增加需要登陆的网络服务名,用户,密码到wallet中
- D:\app\luoping\product\11.2.0\client_1\BIN>mkstore -wrl D:\app\luoping\product\1
- 1.2.0\client_1\pstore -createCredential htzdg sys oracle
- Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
- 版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
- 输入 Wallet 口令:
- Create credential oracle.security.client.connect_string1
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
4,测试是否成功
- D:\app\luoping\product\11.2.0\client_1\BIN>sqlplus /@htzdg as sysdba
- SQL*Plus: Release 11.2.0.1.0 Production on 星期三 8月 29 17:48:27 2012
- Copyright (c) 1982, 2010, Oracle. All rights reserved.
- 连接到:
- Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
- With the Partitioning, OLAP, Data Mining and Real Application Testing options
- SQL>
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
5,查看wallet中配置的网络服务名
- D:\app\luoping\product\11.2.0\client_1\BIN>mkstore -wrl d:\app\luoping\product\1
- 1.2.0\client_1\pstore -listCredential
- Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
- 版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
- 输入 Wallet 口令:
- List credential (index: connect_string username)
- 1: htzdg sys
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
6,一个网络服务名,只能对应一个用户,如果相同的数据库有多少用户需要在同一个client通过wallet实现时,我们需要每一个用户,创建一个网络服务名。
下面是测试一个网络服务名,相增加两个用户时,报错。
- C:\Users\luoping>mkstore -wrl D:\app\luoping\product\11.2.0\client_1\pstore -cre
- ateCredential htzdg scott oracle
- Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
- 版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
- 输入 Wallet 口令:
- Create credential 出现密钥存储错误: oracle.security.pki.OracleSecretStoreExcepti
- on: Credential already exists
7,当密码修改后,要手动更新wallet中相应的密码。不然要报错的。
- D:\app\luoping\product\11.2.0\client_1\BIN>sqlplus /@htzdg as sysdba
- SQL*Plus: Release 11.2.0.1.0 Production on 星期三 8月 29 17:45:56 2012
- Copyright (c) 1982, 2010, Oracle. All rights reserved.
- 连接到:
- Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
- With the Partitioning, OLAP, Data Mining and Real Application Testing options
- SQL>
- SQL> alter user sys identified by htz;
- 用户已更改。
- SQL> exit
- 从 Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
- With the Partitioning, OLAP, Data Mining and Real Application Testing options 断
- 开
- D:\app\luoping\product\11.2.0\client_1\BIN>sqlplus /@htzdg as sysdba
- SQL*Plus: Release 11.2.0.1.0 Production on 星期三 8月 29 17:46:25 2012
- Copyright (c) 1982, 2010, Oracle. All rights reserved.
- ERROR:
- ORA-01017: invalid username/password; logon denied
- 请输入用户名:
- D:\app\luoping\product\11.2.0\client_1\BIN>mkstore -wrl D:\app\luoping\product\1
- 1.2.0\client_1\pstore -modifyCredential htzdg sys
- Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
- 版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
- 命令行中缺少您的密钥/口令
- 请输入您的密钥/口令:
- 请重新输入您的密钥/口令:
- 输入 Wallet 口令:
- Modify credential
- Modify 1
- D:\app\luoping\product\11.2.0\client_1\BIN>
- D:\app\luoping\product\11.2.0\client_1\BIN>mkstore -wrl D:\app\luoping\product\1
- 1.2.0\client_1\pstore -modifyCredential htzdg sys
- Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
- 版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
- 命令行中缺少您的密钥/口令
- 请输入您的密钥/口令:
- 请重新输入您的密钥/口令:
- 输入 Wallet 口令:
- Modify credential
- Modify 1
- D:\app\luoping\product\11.2.0\client_1\BIN>
- D:\app\luoping\product\11.2.0\client_1\BIN>sqlplus /@htzdg as sysdba
- SQL*Plus: Release 11.2.0.1.0 Production on 星期三 8月 29 17:48:27 2012
- Copyright (c) 1982, 2010, Oracle. All rights reserved.
- 连接到:
- Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
- With the Partitioning, OLAP, Data Mining and Real Application Testing options
- SQL>
8,手动删除wallet中的记录
- D:\app\luoping\product\11.2.0\client_1\BIN>mkstore -wrl d:\app\luoping\product\1
- 1.2.0\client_1\pstore -deleteCredential htzdg
- Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
- 版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
- 输入 Wallet 口令:
- Delete credential
- Delete 1
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
9,mkstore命令帮忙手册
- D:\app\luoping\product\11.2.0\client_1\BIN>mkstore
- Oracle Secret Store Tool: 版本 11.2.0.1.0 - Production
- 版权所有 (c) 2004, 2009, Oracle 和/或其子公司。保留所有权利。
- mkstore [-wrl wrl] [-create] [-createSSO] [-createLSSO] [-createALO] [-delete] [
- -deleteSSO] [-list] [-createEntry alias secret] [-viewEntry alias] [-modifyEntry
- alias secret] [-deleteEntry alias] [-createCredential connect_string username p
- assword] [-listCredential] [-modifyCredential connect_string username password]
- [-deleteCredential connect_string] [-help] [-nologo]