You are on page 1of 2


(DIRECTORY = /u01/app/oracle/wallet)

The SQLNET.WALLET_OVERRIDE entry allows this method to override any existing OS

authentication configuration.
Create an Oracle wallet in the previously specified location using the mkstore utility
with the -create option. The wallet is password protected, but is defined with the "Auto
Login" property enabled so connection attempts by the user who created the wallet do not
require a password.
$ mkdir /u01/app/oracle/wallet
$ mkstore -wrl "/u01/app/oracle/wallet" -create
Enter password:
Enter password again:

Wallets can be copied to different machines, which can represent a security risk. In 11g
Release 2, you can prevent the auto login functionality of the wallet from working if it is
copied to another machine by creating a local wallet using the "orapki" command, instead
of the "mkstore" command.
$ orapki wallet create -wallet "/u01/app/oracle/wallet" -pwd
"mypassword" -auto_login_local

Once the wallet is created, it can be modified using the "mkstore" command described
Add the password credentials to the wallet using the -createCredential option.
$ mkstore -wrl "/u01/app/oracle/wallet" -createCredential db10g
scott tiger
Enter password:
Create credential

The db_alias, in this case "db10g", is the identifier used in the "/@db_alias" syntax, and
must have a matching entry in the "tnsnames.ora" file.
The credentials present in the wallet are listed using the -listCredential option.
$ mkstore -wrl "/u01/app/oracle/wallet" -listCredential
Enter password:
List credential (index: connect_string username)

1: db10g scott

With the wallet created and the password credentials in place, connect to the database
without specifying the username and password, as shown below.
$ sqlplus /@db10g
SQL*Plus: Release - Production on Thu Jul 19 08:15:09
Copyright (c) 1982, 2005, Oracle.

All rights reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release Production
With the Partitioning, Oracle Label Security, OLAP and Data Mining
Scoring Engine options
SQL> show user

That's fine if you only ever connect as a single user to each database, but what if you
connect as multiple users? Simply add a new entry into the wallet using a different
db_alias and make sure the alias is present in the "tnsnames.ora" file. So if we have a
user called "test" on the "db10g" database, we create a new entry in the wallet.
$ mkstore -wrl "/u01/app/oracle/wallet" -createCredential
db10g_test test test
Enter password:
Create credential

Make a new entry for the "db10g" database in the client "tnsnames.ora" file.
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))