WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = /u01/app/orac!/"a!#) ) ) S$LNET%WALLET_O&ERRIDE = TRUE SSL_CLIENT_AUTHENTICATION = FALSE SSL_&ERSION = 0
The S$LNET%WALLET_O&ERRIDE entry allows this method to override any existing OS authentication configuration. Create an Oracle wallet in the previously specified location using the '#or! utility with the *cr!a#! option. The wallet is password protected, but is defined with the "Auto ogin" property enabled so connection attempts by the user who created the wallet do not re!uire a password. + ',-r /u01/app/orac!/"a!# + '#or! *"r ./u01/app/orac!/"a!#. *cr!a#! E#!r pa"or, E#!r pa"or, aa-
+
allets can be copied to different machines, which allets wh ich can represent a security ris#. $n %%g &elease ', you can prevent the auto login functionality of the wa llet from wor#ing if it is copied to another machine by creating a local wallet using the "orap#i" command, instead of the "m#store" command. + orap- "a!# cr!a#! *"a!# ./u01/app/orac!/"a!#. *p", .'2pa"or,. *au#o_o-_oca
Once the wallet is created, it can be modified using the "m#store" command described below. Add the password credentials to the wallet using the *cr!a#!Cr!,!#-a option. + '#or! *"r ./u01/app/orac!/"a!#. *cr!a#!Cr!,!#-a ,310 co## #-!r E#!r pa"or, Cr!a#! cr!,!#-a orac!%!cur-#2%c-!#%co!c#_#r-1 +
The ,3_a-a , in this case "db%(g", is the identifier used in the ")*db+alias" syntax, and must have a matching entry in the "tnsnames.ora" file. The credentials present in the wallet are listed using the *-#Cr!,!#-a option. + '#or! *"r ./u01/app/orac!/"a!#. *-#Cr!,!#-a E#!r pa"or, L-# cr!,!#-a (-,!4 co!c#_#r- u!ra'!)
1 ,310 co## +
ith the wallet created and the password credentials in place, connec t to the database without specifying the username and password, as shown below. + 5pu /6,310 S$L78u R!!a! 10%9%0%1%0 * 8ro,uc#-o o T:u ;u 1< 01>0< 900? Cop2r-:# (c) 1<9@ 900>@ Orac!%
A r-:# r!!r!,%
Co!c#!, #o Orac! Da#a3a! 10 E#!rpr-! E,-#-o R!!a! 10%9%0%1%0 * 8ro,uc#-o W-#: #:! 8ar#-#-o-@ Orac! La3! S!cur-#2@ OLA8 a, Da#a M-- Scor- E-! op#-o S$LB :o" u!r USER - .SCOTT. S$LB
Thats fine if you only ever connect as a single user to each database, but what if you connect as multiple users- Simply add a new entry into the wallet using a different ,3_a-a and ma#e sure the alias is present in the "tnsnames.ora" file. So if we h ave a user called "test" on the "db%(g" database, we create a new entry in the wallet. + '#or! *"r ./u01/app/orac!/"a!#. *cr!a#!Cr!,!#-a ,310_#!# #!# #!# E#!r pa"or, Cr!a#! cr!,!#-a orac!%!cur-#2%c-!#%co!c#_#r-1 +
a#e a new entry for the "db%(g" database in the client "tnsnames.ora" file. D10_TEST = (DESCRI8TION = (ADDRESS = (8ROTOCOL = TC8)(HOST = oca:o#)(8ORT = 1>91)) (CONNECT_DATA = (SER&ER = DEDICATED) (SER&ICE_NAME = D10%WORLD) ) )
