wallet,外部存储用户名密码,createEntry与createCredential区别(二)

接着上篇
wallet文件可以copy到不同的机器修改client的sqlnet.ora就可以，11g用orapki来替换mkstore
我再来做另一个实验用-createCredential的参数，虽然在mksotre的help 中没有显示，但是它还是可以用的，注意我换了wallet目录
在tnsnames.ora再重新copy一个别外
d191_11=
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.191.11)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = ncme)
)
)
)

建钱包
[oracle@anbob weejar]$ mkstore -wrl /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/wallets/weejar -create
Enter password:         
Enter password again: 
--输入963852
[oracle@anbob weejar]$ ls
cwallet.sso  ewallet.p12
装钱
[oracle@anbob weejar]$ mkstore -wrl /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/wallets/weejar -createCredential d191_11 weejar weejar123
Enter password:         
   
Create credential oracle.security.client.connect_string1
[oracle@anbob weejar]$ mkstore -wrl /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/wallets/weejar -createCredential d191_11 anbob anbob
Enter password:         
Create credential Secret Store error occured: oracle.security.pki.OracleSecretStoreException: Credential already exists
note:createCredential参数后跟tnsname dbusername dbpassword ,回车后提示的密码是输入wallet时的密码,注意我在这里故意出错就是提醒每个tnsname只能对应一个用户连接
列出钱包内容
[oracle@anbob weejar]$ mkstore -wrl /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/wallets/weejar -listCredential
Enter password:         
   
List credential (index: connect_string username)
1: d191_11 weejar
修改sqlnet.ora
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
WALLET_LOCATION =
   (SOURCE =
     (METHOD = FILE)
     (METHOD_DATA =
       (DIRECTORY = /oracle10g/app/oracle/product/10.2.0/db_1/network/admin/wallets/weejar)
     )
   )
SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0
[oracle@anbob admin]$ sqlplus /@d191_11
SQL*Plus: Release 10.2.0.1.0 - Production on 骀涓 1?4 21:11:58 2012
Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> show user
USER is "WEEJAR"

note:wallet 实现了在数据库的外部存储密码而非明文，wallet文件可以在不同机器上copy,createEntry 创建的只是绑定了用户名和密码，createCredential绑定了tnsname,用户名和密码，每个tnsname对应一个认证，每个wellet一个目录，最后的登录用 sqlplus /@tnsname连接，也可以修改wallet密码，或删除,花了两天的时间呀..