9 Appendix - Setting Up Password Stores with Oracle Wallet

Topics:

·        Overview

·        Setting Up Password Stores for Database User Accounts

·        Verifying the Connectivity of the Wallet

Overview

As part of an application installation, administrators must set up password stores for database user accounts using Oracle Wallet. These password stores must be installed on the application database side. The installer handles much of this process, but administrators must perform some additional steps.

A password store for the application and application server user accounts must also be installed; however, the installer takes care of this entire process.

Setting Up Password Stores for Database User Accounts

After the database is installed and the default database user accounts are set up, administrators must set up a password store using the Oracle Wallet. This involves assigning an alias for the username and associated password for each database user account. The alias is used later during the application installation. This password store must be created on the system where the application server and database client are installed.

This section describes the steps to set up a wallet and the aliases for the database user accounts. For more information on configuring authentication and password stores, refer to the Oracle Database Security Guide.

NOTE

In this section, <wallet_location> is a placeholder text for illustration purposes. Before running the command, ensure that you have already created the <wallet_location> directory where you want to create and store the wallet.

To set up a password store for the database user accounts, follow these steps:

1.       Log in to the server as a Linux user.

2.      Create a wallet in the <wallet_location> using the following command:

mkstore -wrl <wallet_location> -create

After you run the command, a prompt appears. Enter a password for the Oracle Wallet in the prompt.

NOTE

The mkstore utility is included in the Oracle Database Client installation.

The wallet is created with the auto-login feature enabled. This feature enables the database client to access the wallet contents without using the password. For more information, refer to the Oracle Database Advanced Security Administrator's Guide.

3.      Create the database connection credentials in the wallet using the following command:

mkstore -wrl <wallet_location> -createCredential <alias-name> <database-user-name>

Run the above command for the following <alias-name>:

 

Schema              Applicable for FCC Studio with OFSAA    Applicable for FCC Studio with Non-OFSAA
BD_Config_Schema    Yes                                     No
BD_Atomic_Schema    Yes                                     No
Studio_Schema       Yes                                     Yes

After you run the command, a prompt appears. Enter the password associated with the database user account in the prompt. You are prompted to re-enter the password. You are prompted for the wallet password used in Step 1.

4.     Repeat step 2 for all the database user accounts.

5.      Update the tnsnames.ora file to include the following entry for each alias name to be set up.

<alias-name> =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP) (HOST = <host>) (PORT = <port>))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = <service>)
    )
  )

NOTE

·       You can either update the existing tnsnames.ora file with the above details or create a new tnsnames.ora file and make required entries.

·       <alias-name> is a user-defined value.

Verifying the Connectivity of the Wallet

To verify the connectivity of the wallet, follow these steps:

1.       Create a sqlnet.ora in the wallet directory using the following content:

WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = <Wallet_Location>)) )

SQLNET.WALLET_OVERRIDE=TRUE

SSL_CLIENT_AUTHENTICATION=FALSE

2.      Test the connectivity using the following command:

NOTE

The ORACLE_HOME used with the wallet must be the same version or higher than what the wallet was created with.

$ export WALLET_LOCATION=<wallet_location>

$ export TNS_ADMIN=<tnsnames.ora_location>

Here, ensure that the wallet points to the alternate tnsnames.ora created above.

$ sqlplus /@<alias_name>

The output is similar to:

SQL*Plus: Release 11

Connected to:

Oracle Database 12c

To verify if you are connected to the correct user:

SQL> show user

The output is similar to:

USER is "<database-user-name>"
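
The following pre-flight check is an added example, not part of the original guide or of Oracle's tooling. Because auto-login lets the client open the wallet without its password, it flags wallet files that group or other users can access, and confirms that sqlnet.ora and tnsnames.ora carry the settings and aliases described above. It assumes the wallet files are named cwallet.sso and ewallet.p12 (the names mkstore writes); the function names, the alias studio_alias and the host db.example are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle tooling): pre-flight checks for the wallet setup above.

# Report wallet files (and the directory) that are missing or open to group/other.
wallet_perm_issues() {
    for f in "$1" "$1/cwallet.sso" "$1/ewallet.p12" "$1/sqlnet.ora"; do
        [ -e "$f" ] || { echo "MISSING $f"; continue; }
        # Characters 5-10 of the ls mode string are the group and other bits.
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || echo "EXPOSED $f"
    done
}

# Report sqlnet.ora settings from the verification step that are absent.
sqlnet_issues() {
    [ -r "$1" ] || return 0   # a missing file is already reported above
    grep -Eiq '^[[:space:]]*SQLNET\.WALLET_OVERRIDE[[:space:]]*=[[:space:]]*TRUE' "$1" ||
        echo "NO_WALLET_OVERRIDE $1"
    # Compare with whitespace stripped so spacing differences do not matter.
    tr -d '[:space:]' <"$1" | grep -Fq "(DIRECTORY=$2)" || echo "WRONG_DIRECTORY $1"
}

# Report each alias without an "<alias> =" entry in tnsnames.ora (case-insensitive).
missing_aliases() {
    tns=$1; shift
    for a in "$@"; do
        grep -Eiq "^[[:space:]]*$a[[:space:]]*=" "$tns" 2>/dev/null || echo "NO_TNS_ENTRY $a"
    done
}

# Run every check: print findings and return 1, or return 0 when clean.
check_wallet_setup() {
    w=$1; t=$2; shift 2
    findings=$(wallet_perm_issues "$w"; sqlnet_issues "$w/sqlnet.ora" "$w"; missing_aliases "$t" "$@")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"; return 1
}

# Constructed sample standing in for <wallet_location>; empty files replace real wallets.
make_sample() {
    d=$(mktemp -d); : >"$d/cwallet.sso"; : >"$d/ewallet.p12"
    printf '%s\n' "WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = $d)) )" \
        "SQLNET.WALLET_OVERRIDE=TRUE" "SSL_CLIENT_AUTHENTICATION=FALSE" >"$d/sqlnet.ora"
    printf '%s\n' "studio_alias =" "  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP) (HOST = db.example) (PORT = 1521))" \
        "    (CONNECT_DATA = (SERVICE_NAME = svc)))" >"$d/tnsnames.ora"
    chmod 700 "$d"; chmod 600 "$d"/*
    echo "$d"
}

# Demo on the constructed sample, which has no findings.
s=$(make_sample); check_wallet_setup "$s" "$s/tnsnames.ora" studio_alias && echo "clean"; rm -rf "$s"
```

On a real system, call check_wallet_setup with the wallet directory, the tnsnames.ora path and your alias names before running the sqlplus test.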