ttUser

The ttUser utility helps you secure passwords.

With the ttUser utility you can either:

  • Use an Oracle Wallet to securely store user IDs and passwords.
  • Hash a password and use the obtained value for the PWDCrypt connection attribute.

Store Your Credentials in an Oracle Wallet

The most secure method to provide credentials when connecting to a database is to store a user's password in an Oracle Wallet.

With ttUser you can perform the following wallet-related tasks:

  • Add user IDs and cache administration user IDs with associated passwords to a user-managed Oracle Wallet.
  • Provide the name of the directory in which you want the wallet to be placed.
  • Remove user IDs and cache administration user IDs with associated passwords from the wallet.

The ttUser utility creates or modifies a wallet as follows:

  • TimesTen places the wallet in a subdirectory created by ttUser. You provide the path to place such a subdirectory. If the subdirectory does not already exist, then ttUser creates it. Do not create this subdirectory yourself.
  • If your wallet does not already exist, ttUser creates the wallet in the specified location. The credentials are added to the Oracle Wallet in this directory location.
  • If your wallet does exist but the user does not exist in the wallet, the ttUser utility adds the user and password to the wallet.
  • If a user has already been added to the wallet, you can provide a new password to overwrite the existing one.

You can store multiple different users with associated passwords in the same wallet for a particular DSN. However, you need to use separate wallets when you have the same user with different passwords in different DSNs.

Let us assume that the user Terry needs wallets to store their credentials for two different DSNs, ds1 and ds2.

  1. Terry creates a directory to contain the wallet for ds1: /terry/wallets/ds1wallet.
  2. Terry creates a directory to contain the wallet for ds2: /terry/wallets/ds2wallet.
  3. Using ttUser -setPwd, Terry provides the paths for each directory structure in which they want their wallets placed and their passwords stored. A subdirectory to contain each wallet is created by ttUser in each case.
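
The steps above as a shell sketch. This is an added example, not part of the TimesTen documentation: the function names, the owner-only (0700) permission check and the base path passed in are assumptions of the example; only the ttUser -setPwd, -uid and -wallet options come from this page.

```shell
#!/bin/sh
# Added example: one private wallet parent directory per DSN, then ttUser -setPwd.
# Function names and the 0700 policy are assumptions, not TimesTen requirements.

# True when the permission string shows no group/other bits (e.g. drwx------).
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Create (or validate) the parent directory for one DSN's wallet and print it.
# ttUser creates the wallet subdirectory itself, so only the parent is made here.
prepare_wallet_dir() {
    base=$1 dsn=$2
    # -wallet expects an absolute path, so reject relative bases early.
    case $base in
        /*) ;;
        *) echo "wallet base must be an absolute path: $base" >&2; return 1 ;;
    esac
    dir="$base/${dsn}wallet"
    ( umask 077 && mkdir -p "$dir" ) || return 1
    # A directory that already existed may be open to group or other: refuse it.
    if ! is_private "$dir"; then
        echo "refusing $dir: accessible by group or other" >&2
        return 1
    fi
    printf '%s\n' "$dir"
}

# Store one user's password for one DSN. ttUser prompts for the password,
# so it never appears on the command line or in shell history.
store_password() {
    uid=$1 base=$2 dsn=$3
    dir=$(prepare_wallet_dir "$base" "$dsn") || return 1
    ttUser -setPwd -uid "$uid" -wallet "$dir"
}

# Usage, in an environment where ttUser is on the PATH:
#   store_password terry /terry/wallets ds1
#   store_password terry /terry/wallets ds2
```

Because each DSN gets its own directory, the same user ID can hold a different password in each wallet without one overwriting the other.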

Hash Your Password with ttUser

If you specify the -pwdCrypt option, the ttUser utility prompts you for a password and returns a hashed password. You can then include the output in a connection string or as the value for the PWDCrypt connection attribute in an ODBCINI file.

Required Privilege

This utility requires no privileges.

Usage in TimesTen Scaleout and TimesTen Classic

This utility is supported in both TimesTen Classic and TimesTen Scaleout.

Syntax

ttUser {-h | -help | -V}

ttUser -pwdCrypt
ttUser -setPwd -uid {UID} -wallet {walletPath}
       -removePwd -uid {UID} -wallet {walletPath}
       -setOraclePwd -uid {UID} -wallet {walletPath}               
       -removeOraclePwd -uid {UID} -wallet {walletPath}

Options

The ttUser utility supports the following options:

Option                          Description

-h, -help, -?                   Prints a usage message and exits.
-pwdCrypt                       Generates a hashed password value for the PWDCrypt connection attribute.
-removeOraclePwd                Removes the Oracle cache administration user and password from a wallet.
-removePwd                      Removes the TimesTen user and password from a wallet.
-setOraclePwd                   Sets the Oracle cache administration user and password in a wallet.
-setPwd                         Sets the TimesTen user and password in a wallet.
-uid {username | cacheadmin}    The user name for the credentials (required for all wallet options).
-V | -version                   Prints the release number of ttUser and exits.
-wallet {walletPath}            Absolute path to a wallet file to be created or updated.

Notes

  • You are responsible for securing and managing your wallets.
  • If you save a password and there is already an entry in the wallet for that user ID and password type, the existing password is overwritten without warning.
  • You are responsible for creating wallets and making them accessible from hosts used to access TimesTen.
  • TimesTen recommends having one wallet per combination of TimesTen DSN and Oracle NetServiceName.

Examples

This example sets a password for a TimesTen user. The ttUser utility prompts you to enter the password.

% ttUser -setPwd -uid terry -wallet /home/terry/wallets/mywallet
Enter password: 

After you have created the /home/cacheadmin/wallets directory to contain all of your wallets, this example sets the password for an Oracle cache administration user.

% ttUser -setOraclePwd -uid cacheadmin -wallet /home/cacheadmin/wallets 
Enter password:

To remove an Oracle password, use ttUser -removeOraclePwd.

% ttUser -removeOraclePwd -uid cacheadmin -wallet /home/cacheadmin/wallets

This example shows how the Oracle cache administration user connects to TimesTen and Oracle through ttIsql without providing Pwd and OraclePwd in the connection string or DSN definition. Instead, the Oracle cache administration user indicates the values for UID and PwdWallet to specify the wallet from which to retrieve credentials. See PwdWallet.

Command> connect "dsn=mydb;uid=cacheadmin;oracleNetServiceName=myorcl;PwdWallet=/home/terry/wallets/mywallet";