Using The Oracle Secure External Password Store

Source: 这里教程网 Time: 2026-03-03 16:05:40 Author:

Configuring Clients to Use the External Password Store
1) Create a wallet on the client by using the following syntax at the command line:
mkstore -wrl <wallet_location> -create
example:
mkstore -wrl /home/mseibt/pstore -create
Enter password: welcome1
Enter password again: welcome1
ls -al /home/mseibt/pstore
-rw------- 1 mseibt dba 7940 Nov 9 15:38 cwallet.sso
-rw------- 1 mseibt dba 7912 Nov 9 15:38 ewallet.p12
 2) Create database connection credentials in the wallet by using the following syntax at the command line:
mkstore -wrl <wallet_location> -createCredential <db_connect_string> <username> <password>
example:
("N102" in the following example is a connect descriptor located in the tnsnames.ora.)
mkstore -wrl /home/mseibt/pstore -createCredential N102 <user> <password>
Enter password: welcome1          
Create credential oracle.security.client.connect_string1
 
Enclose usernames and passwords that have special characters in single quotes.
example:
mkstore -wrl /home/mseibt/pstore -createCredential N102 '<user>' <password>
3) In the client sqlnet.ora file, enter the WALLET_LOCATION parameter and set it to the directory location of the wallet you created in Step 1.
WALLET_LOCATION =
   (SOURCE =
      (METHOD = FILE)
      (METHOD_DATA = (DIRECTORY = /home/mseibt/pstore))
   )
4) In the client sqlnet.ora file, enter the SQLNET.WALLET_OVERRIDE parameter and set it to TRUE:
SQLNET.WALLET_OVERRIDE = TRUE
This setting causes all CONNECT /@db_connect_string statements to use the information in the wallet at the specified location to authenticate to databases.
When external authentication is in use, an authenticated user with such a wallet can use the CONNECT /@db_connect_string syntax to access the previously specified databases without providing a user name and password. However, if a user fails that external authentication, then these connect statements will also fail.
 
If an application uses SSL for encryption, then the sqlnet.ora parameter SQLNET.AUTHENTICATION_SERVICES specifies SSL and an SSL wallet is created. If this application wants to use secret store credentials to authenticate to databases (instead of the SSL certificate), then those credentials must be stored in the SSL wallet. After SSL authentication, if SQLNET.WALLET_OVERRIDE = TRUE, then the user names and passwords from the wallet are used to authenticate. If SQLNET.WALLET_OVERRIDE = FALSE, the SSL certificate is used.
Configured sqlnet.ora:
WALLET_LOCATION =
   (SOURCE =
      (METHOD = FILE)
      (METHOD_DATA = (DIRECTORY = /home/mseibt/pstore))
   )
SQLNET.WALLET_OVERRIDE = TRUE
5) With the external password store configured, connect as <user>:
sqlplus /@N102
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Nov 9 15:59:42 2005
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
SQL> show user
USER is "<user>"
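
A check for the client configuration built in steps 1, 3 and 4, added here as an example and not part of the original article: it reads the wallet directory from sqlnet.ora, confirms SQLNET.WALLET_OVERRIDE = TRUE, and confirms that cwallet.sso and ewallet.p12 are accessible only to their owner, as in the ls -al output from step 1. The function names are hypothetical, the fixture is constructed, and parameter names are assumed to be written in upper case as on this page.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumes parameter names are written in upper case, as on the page.

# Print the DIRECTORY value of WALLET_LOCATION from a sqlnet.ora file.
wallet_dir() {
    grep -v '^[[:space:]]*#' "$1" | tr -d '\n' |
        sed -n 's/.*WALLET_LOCATION.*DIRECTORY[[:space:]]*=[[:space:]]*\([^)[:space:]]*\)[[:space:]]*).*/\1/p'
}

# Succeed if SQLNET.WALLET_OVERRIDE = TRUE is set on an uncommented line.
override_on() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq '^[[:space:]]*SQLNET\.WALLET_OVERRIDE[[:space:]]*=[[:space:]]*TRUE[[:space:]]*$'
}

# Succeed if the file exists and grants nothing to group or other, i.e.
# columns 5-10 of its mode string are "------" as in the step 1 listing.
owner_only() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Audit one sqlnet.ora; print findings and return non-zero if any check fails.
audit_wallet_config() {
    ora=$1; rc=0
    dir=$(wallet_dir "$ora")
    if [ -z "$dir" ]; then
        echo "FAIL: no WALLET_LOCATION directory in $ora"; return 1
    fi
    override_on "$ora" || { echo "FAIL: SQLNET.WALLET_OVERRIDE is not TRUE"; rc=1; }
    for f in cwallet.sso ewallet.p12; do
        owner_only "$dir/$f" ||
            { echo "FAIL: $dir/$f is missing or accessible to group/other"; rc=1; }
    done
    if [ "$rc" -eq 0 ]; then echo "OK: $dir"; fi
    return "$rc"
}

# Constructed fixture: a sqlnet.ora plus empty placeholder wallet files in $1.
make_fixture() {
    mkdir -p "$1/pstore"
    : > "$1/pstore/cwallet.sso"; : > "$1/pstore/ewallet.p12"
    chmod 600 "$1/pstore/cwallet.sso" "$1/pstore/ewallet.p12"
    printf '%s\n' 'WALLET_LOCATION =' '   (SOURCE =' '      (METHOD = FILE)' \
        "      (METHOD_DATA = (DIRECTORY = $1/pstore)) )" \
        'SQLNET.WALLET_OVERRIDE = TRUE' > "$1/sqlnet.ora"
}

# Run against a real file when given one: sh audit.sh /path/to/sqlnet.ora
if [ "$#" -gt 0 ]; then audit_wallet_config "$1"; fi
```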
