[20170111] Configuring password-less login to the database.txt

Posted by lfree on 2017-01-11

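-- Following on from the earlier post at http://blog.itpub.net/267265/viewspace-2124815/, a login method that avoids exposing the password has to be considered.
-- Oracle Wallets came to mind; I have never set one up myself, so this is a test.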

1. Environment:
SCOTT@book> @ &r/ver1

PORT_STRING                    VERSION        BANNER
------------------------------ -------------- --------------------------------------------------------------------------------
x86_64/Linux 2.4.xx            11.2.0.4.0     Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

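2. Create the wallet:
$ mkdir /u01/app/oracle/admin/wallets
$ mkstore -wrl /u01/app/oracle/admin/wallets -create
--// Note: the wallet password has to be reasonably complex, otherwise an error is reported. You must also remember this password, because it is needed to manage the wallet later.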
PKI-01002: Invalid password:Passwords must have a minimum length of eight characters and contain alphabetic characters
combined with numbers or special characters

$ mkstore -wrl /u01/app/oracle/admin/wallets -createCredential book SYS oracle
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
Create credential oracle.security.client.connect_string1

-- The format of the createCredential argument is as follows (see the help output):
[-createCredential connect_string username password]

3. Edit sqlnet.ora and add:

WALLET_LOCATION =
   (SOURCE =
      (METHOD = FILE)
      (METHOD_DATA = (DIRECTORY = /u01/app/oracle/admin/wallets))
)

SQLNET.WALLET_OVERRIDE=true

--// Note: in my test the last line was required; without it the login does not work.

4. Test:
$ sqlplus /@book as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Wed Jan 11 09:25:33 2017
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SYS@book> show user
USER is "SYS"

--// Test with rman:
$ rman target /@book
Recovery Manager: Release 11.2.0.4.0 - Production on Wed Jan 11 09:39:58 2017
Copyright (c) 1982, 2011, Oracle and/or its affiliates.  All rights reserved.
connected to target database: BOOK (DBID=1337401710)
RMAN>
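
--// Added example, not part of the original post: because `sqlplus /@book` connects without asking for the wallet password, any OS account that can read the wallet directory can use the stored credentials, so this script checks the sqlnet.ora settings from step 3 and the permissions on the wallet. The file names cwallet.sso and ewallet.p12 (the files mkstore -create writes) and all function names are assumptions that do not appear in the post.

```shell
#!/bin/sh
# Added example: audit a sqlnet.ora + wallet pair. Assumes upper-case parameter
# names as in the post, and a wallet path without spaces.

# Print the DIRECTORY value of WALLET_LOCATION (the parameter may span lines).
wallet_dir() {
    { grep -v '^[[:space:]]*#' "$1" | tr -d ' \t\n'; echo; } |
        sed -n 's/.*WALLET_LOCATION=.*(DIRECTORY=\([^)]*\)).*/\1/p'
}

# True when SQLNET.WALLET_OVERRIDE is set to TRUE (value is case-insensitive).
override_on() {
    grep -v '^[[:space:]]*#' "$1" | tr -d ' \t' |
        grep -qi '^SQLNET\.WALLET_OVERRIDE=TRUE$'
}

# True when group or other holds any permission bit on $1.
loose() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Audit the wallet referenced by sqlnet.ora $1; non-zero return on any finding.
audit_wallet() {
    sqlnet=$1; rc=0
    dir=$(wallet_dir "$sqlnet")
    [ -n "$dir" ] || { echo "FAIL: no WALLET_LOCATION directory in $sqlnet"; return 2; }
    override_on "$sqlnet" || { echo "WARN: SQLNET.WALLET_OVERRIDE is not TRUE"; rc=1; }
    [ -d "$dir" ] || { echo "FAIL: wallet directory $dir is missing"; return 2; }
    for f in "$dir" "$dir/cwallet.sso" "$dir/ewallet.p12"; do
        [ -e "$f" ] || { echo "WARN: $f not found"; rc=1; continue; }
        if loose "$f"; then echo "FAIL: $f is accessible to group/other"; rc=1; fi
    done
    [ "$rc" -eq 0 ] && echo "OK: $dir is private to its owner"
    return "$rc"
}

# Constructed demo: a throwaway sqlnet.ora and empty stand-in wallet files.
demo() {
    t=$(mktemp -d) && mkdir "$t/wallets" || return 2
    : > "$t/wallets/cwallet.sso"; : > "$t/wallets/ewallet.p12"
    printf 'WALLET_LOCATION =\n (SOURCE =\n  (METHOD = FILE)\n  (METHOD_DATA = (DIRECTORY = %s))\n)\nSQLNET.WALLET_OVERRIDE=true\n' \
        "$t/wallets" > "$t/sqlnet.ora"
    chmod 755 "$t/wallets"; audit_wallet "$t/sqlnet.ora"; loose_rc=$?
    chmod 700 "$t/wallets"; chmod 600 "$t/wallets"/*; audit_wallet "$t/sqlnet.ora"; tight_rc=$?
    rm -rf "$t"
    [ "$loose_rc" -ne 0 ] && [ "$tight_rc" -eq 0 ]
}
if [ "${1:-}" = "--demo" ]; then demo; elif [ $# -gt 0 ]; then audit_wallet "$1"; fi
```

--// Run it with --demo for the constructed case, or pass the path of a real sqlnet.ora as the only argument.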


5. Exploring the related commands:
$ mkstore -wrl  /u01/app/oracle/admin/wallets -list
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
Oracle Secret Store entries:
oracle.security.client.connect_string1
oracle.security.client.password1
oracle.security.client.username1

-- I don't know what these mean.
$ mkstore -wrl  /u01/app/oracle/admin/wallets  -viewEntry oracle.security.client.password1
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
oracle.security.client.password1 = oracle

$  mkstore -wrl  /u01/app/oracle/admin/wallets -listCredential
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

List credential (index: connect_string username)
1: book SYS

$ mkstore -wrl  /u01/app/oracle/admin/wallets  -viewEntry oracle.security.client.password1
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
oracle.security.client.password1 = oracle

--// The stored password can be seen. More entries can also be added; for example, I created the connect string 78S in tnsnames.ora:

$ mkstore -wrl /u01/app/oracle/admin/wallets -createCredential 78S scott book
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
Create credential oracle.security.client.connect_string2

$  mkstore -wrl  /u01/app/oracle/admin/wallets -listCredential
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
List credential (index: connect_string username)
2: 78S scott
1: book SYS

$ sqlplus /@78s
SQL*Plus: Release 11.2.0.4.0 Production on Wed Jan 11 09:35:43 2017
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SCOTT@78s> show user
USER is "SCOTT"
--// The login is as the scott user.

--// Delete one entry
$  mkstore -wrl  /u01/app/oracle/admin/wallets -deleteCredential 78S
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
Delete credential
Delete 2

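-- However, you cannot create a second credential for a connect string that is already in the wallet (book here); mkstore reports that it already exists: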
$ mkstore -wrl /u01/app/oracle/admin/wallets -createCredential book scott book
Oracle Secret Store Tool : Version 11.2.0.4.0 - Production
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
Create credential Secret Store error occured: oracle.security.pki.OracleSecretStoreException: Credential already exists

From the ITPUB blog, link: http://blog.itpub.net/267265/viewspace-2132220/. If you reproduce this post, please credit the source; otherwise legal liability will be pursued.
