ttUser
The ttUser
utility helps you secure passwords.
With the ttUser
utility you can either:
- Use an Oracle Wallet to securely store user IDs and passwords.
- Hash a password and use the obtained value for the PWDCrypt connection attribute.
Store Your Credentials in an Oracle Wallet
The most secure method to provide credentials when connecting to a database is to store a user's password in an Oracle Wallet.
With ttUser
you can perform the following wallet-related tasks:
- Add user IDs and cache administration user IDs with associated passwords to a user-managed Oracle Wallet.
- Provide the name of the directory in which you want the wallet to be placed.
- Remove user IDs and cache administration user IDs with associated passwords from the wallet.
ttUser
utility creates or modifies a wallet as follows:
- TimesTen places the wallet in a subdirectory created by
ttUser
. You provide the path to place such a subdirectory. If the subdirectory does not already exist, thenttUser
creates it. Do not create this subdirectory yourself. - If your wallet does not already exist,
ttUser
creates the wallet in the specified location. The credentials are added to the Oracle Wallet in this directory location. - If your wallet does exist but the user does not exist in the wallet, the
ttUser
utility adds the user and password to the wallet. - If a user has already been added to the wallet, you can provide a new password to overwrite the existing one.
You can store multiple different users with associated passwords in the same wallet for a particular DSN. However, you need to use separate wallets when you have the same user with different passwords in different DSNs.
- Terry creates a directory to contain the wallet for ds1:
/terry/wallets/ds1wallet
. - Terry creates a directory to contain the wallet for the ds2:
/terry/wallets/ds2wallet
. - Using
ttUser -setPwd
, Terry provides the paths for each directory structure in which they want their wallets placed and their passwords stored. A subdirectory to contain each wallet is created byttUser
in each case.
Hash Your Password with ttUser
If you specify the -pwdCrypt
option, the ttUser
utility prompts you for a password and returns a hashed password. You can then include the output in a connection string or as the value for the PWDCrypt
connection attribute in an ODBCINI
file.
Required Privilege
This utility requires no privileges.
Usage in TimesTen Scaleout and TimesTen Classic
This utility is supported in both TimesTen Classic and TimesTen Scaleout.
Syntax
ttUser {-h | -help | -V} ttUser -pwdCrypt ttUser -setPwd -uid {UID} -wallet {walletPath} -removePwd -uid {UID} -wallet {walletPath} -setOraclePwd -uid {UID} -wallet {walletPath} -removeOraclePwd -uid {UID} -wallet {walletPath}
Options
The ttUser
utility supports the options:
Option | Description |
---|---|
|
Prints a usage message and exits. |
|
Generates an hashed password value for the |
-removeOraclePwd |
Removes the Oracle cache administration user and password from a wallet. |
-removePwd |
Removes the TimesTen user and password from a wallet. |
-setOraclePwd |
Sets the Oracle cache administration user and password in a wallet. |
-setPwd |
Sets the TimesTen user and password in a wallet. |
-uid {username | cacheadmin} |
The user name for the credentials (required for all wallet options). |
|
Prints the release number of |
|
Absolute path to a wallet file to be created or updated. |
Notes
- You are responsible for securing and managing your wallets.
- If you save a password and there is already an entry in the wallet for that user ID and password type, the existing password is overwritten without warning.
- You are responsible for creating wallets and making them accessible from hosts used to access TimesTen.
- TimesTen recommends having one wallet per combination of TimesTen DSN and Oracle NetServiceName.
Examples
This example sets a password for a TimesTen user. The ttUser
utility prompts you to enter the password.
% ttUser -setPwd -uid terry -wallet /home/terry/wallets/mywallet Enter password:
After you have created the /home/cacheadmin/wallets
directory to contain all of your wallets, this example sets the password for an Oracle cache administration user.
% ttUser -setOraclePwd -uid cacheadmin -wallet /home/cacheadmin/wallets Enter password:
To remove an Oracle password, use ttUser -removeOraclePwd
.
% ttUser -removeOraclePwd -uid cacheadmin -wallet /home/cacheadmin/wallets
This example shows how the Oracle cache administration user connects to TimesTen and Oracle through ttIsql
without providing Pwd
and OraclePwd
in the connection string or DSN definition. Instead, the Oracle cache administration user indicates the values for UID
and PwdWallet
to specify the wallet from which to retrieve credentials. See PwdWallet
.
Command> connect “dsn=mydb;uid=cacheadmin;oracleNetServiceName=myorcl;PwdWallet=/home/terry/wallets/mywallet”;