Auditing an Oracle database for security issues is very important. PeteFinnigan.com provides all of the information and tools that you will need Click here for details of PeteFinnigan.com Limited's detailed Oracle database security audit service Click here for details of PeteFinnigan.com Limited's Oracle Security Training Courses
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Welcome, Guest. Please Login.
Nov 20th, 2017, 1:35am
News: Welcome to Pete Finnigan's Oracle security forum
Home | Help | Search | Members | Login
   Pete Finnigan's Oracle Security Forum
   Oracle Security
   Oracle Security tools
(Moderator: Pete Finnigan)
   external password store
« Previous topic | Next topic »
Pages: 1  Reply | Notify of replies | Send Topic | Print
   Author  Topic: external password store  (Read 10222 times)
isaez
PeteFinnigan.com Junior Member
**



Ivan

   
View Profile |

Gender: male
Posts: 76
external password store
« on: Sep 16th, 2005, 8:51am »
Quote | Modify

Hi,
 
I'm experimenting with the external password store (Oracle 10gR2 on Suse 9.3). When this feature is configured, application code, batch jobs, and scripts no longer need embedded user names and passwords.
So far so good. But when I try to use it I get an ORA-01017: invalid username/password; logon denied.
I've followd all the indication found in the Security Guide 10g Release 2 (10.2). Essentially:
 
mkstore -wrl /home/isaez/network -create
mkstore -wrl /home/isaez/network -createCredential ivan isaez mypwd
 
ivan is found in my tnsnames.ora and tnsping works. Also an sqlplus isaez/mypwd@ivan
connects without problem.
I also edited my sqlnet.ora file:
Code:
SQLNET.WALLET_OVERRIDE = TRUE
WALLET_LOCATION = (SOURCE=
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY=/home/isaez/network
)))
 
When I try to use the wallet:
 
Code:
sqlplus /nolog
connect /@ivan
 
 
I get the ora-01017 error. I also made a client trace and found the following errors (?):
Code:
[15-SEP-2005 19:31:25:063] snzdfo_open_file: Opening file /home/isaez/network/cwallet.sso with READ ONLY permissions
[15-SEP-2005 19:31:25:063] snzdfo_open_file: exit
[15-SEP-2005 19:31:25:063] nzdfo_open: exit
[15-SEP-2005 19:31:25:063] nziropen: exit
[15-SEP-2005 19:31:25:063] nzirretrieve: entry
[15-SEP-2005 19:31:25:063] nzdfr_reset: entry
[15-SEP-2005 19:31:25:063] nzdfr_reset: exit
[15-SEP-2005 19:31:25:063] nzdfr_reset: entry
[15-SEP-2005 19:31:25:063] nzdfr_reset: exit
[15-SEP-2005 19:31:25:063] nzumalloc: entry
[15-SEP-2005 19:31:25:063] nzdfwe_read_entry: entry
[15-SEP-2005 19:31:25:063] nzdfwe_read_entry: File read error: paramsizemismatch
[15-SEP-2005 19:31:25:063] nzdfwe_read_entry:  returning error: 28755
 
 
Error ora-28755 means: 28755, 00000, "object retrieval failure"
// *Cause: The system failed to retrieve information from a file or a
// database.
// *Action: Check if the data source exists, or check to ensure that the correct
// information exists.
 
Unfortunaly I don't have access to Metalink.
 
What am I doing wrong?
 
kind regards,
 
Ivan
IP Logged

regards,

Ivan
isaez
PeteFinnigan.com Junior Member
**



Ivan

   
View Profile |

Gender: male
Posts: 76
Re: external password store
« Reply #1 on: Sep 29th, 2005, 3:24pm »
Quote | Modify

Hi,
 
The external password store is now working. I threw away my wallet and sqlnet.ora and started again and to my big surprise it worked the first time! Probably a typo?
With the external password store I can have sqlplus scripts without embedding usercode/password in it. A "connect /@dbname" is sufficient:
 
isaez@linux:~/network> sqlplus /nolog
 
SQL*Plus: Release 10.2.0.1.0 - Production on Thu Sep 29 16:17:16 2005
 
Copyright (c) 1982, 2005, Oracle.  All rights reserved.
 
SQL> connect /@ivan
Connected.
 
 
regards,
 
Ivan
 
IP Logged

regards,

Ivan
Pages: 1  Reply | Notify of replies | Send Topic | Print

« Previous topic | Next topic »

Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright 2000-2004 Yet another Bulletin Board