You are on page 1of 2

WALLET_LOCATION =

(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/oracle/wallet)
)
)
SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0

The SQLNET.WALLET_OVERRIDE entry allows this method to override any existing OS


authentication configuration.
Create an Oracle wallet in the previously specified location using the mkstore utility
with the -create option. The wallet is password protected, but is defined with the "Auto
Login" property enabled so connection attempts by the user who created the wallet do not
require a password.
$ mkdir /u01/app/oracle/wallet
$ mkstore -wrl "/u01/app/oracle/wallet" -create
Enter password:
Enter password again:
$

Wallets can be copied to different machines, which can represent a security risk. In 11g
Release 2, you can prevent the auto login functionality of the wallet from working if it is
copied to another machine by creating a local wallet using the "orapki" command, instead
of the "mkstore" command.
$ orapki wallet create -wallet "/u01/app/oracle/wallet" -pwd
"mypassword" -auto_login_local

Once the wallet is created, it can be modified using the "mkstore" command described
below.
Add the password credentials to the wallet using the -createCredential option.
$ mkstore -wrl "/u01/app/oracle/wallet" -createCredential db10g
scott tiger
Enter password:
Create credential oracle.security.client.connect_string1
$

The db_alias, in this case "db10g", is the identifier used in the "/@db_alias" syntax, and
must have a matching entry in the "tnsnames.ora" file.
The credentials present in the wallet are listed using the -listCredential option.
$ mkstore -wrl "/u01/app/oracle/wallet" -listCredential
Enter password:
List credential (index: connect_string username)

1: db10g scott
$

With the wallet created and the password credentials in place, connect to the database
without specifying the username and password, as shown below.
$ sqlplus /@db10g
SQL*Plus: Release 10.2.0.1.0 - Production on Thu Jul 19 08:15:09
2007
Copyright (c) 1982, 2005, Oracle.

All rights reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 Production
With the Partitioning, Oracle Label Security, OLAP and Data Mining
Scoring Engine options
SQL> show user
USER is "SCOTT"
SQL>

That's fine if you only ever connect as a single user to each database, but what if you
connect as multiple users? Simply add a new entry into the wallet using a different
db_alias and make sure the alias is present in the "tnsnames.ora" file. So if we have a
user called "test" on the "db10g" database, we create a new entry in the wallet.
$ mkstore -wrl "/u01/app/oracle/wallet" -createCredential
db10g_test test test
Enter password:
Create credential oracle.security.client.connect_string1
$

Make a new entry for the "db10g" database in the client "tnsnames.ora" file.
DB10G_TEST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = DB10G.WORLD)
)
)