Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
Oracle Security >> Oracle Security tools >> external password store
(Message started by: Pete Finnigan on Sep 16th, 2005, 8:51am)

Title: external password store
Post by Pete Finnigan on Sep 16th, 2005, 8:51am
Hi,

I'm experimenting with the external password store (Oracle 10gR2 on Suse 9.3). When this feature is configured, application code, batch jobs, and scripts no longer need embedded user names and passwords.
So far so good. But when I try to use it I get an ORA-01017: invalid username/password; logon denied.
I've followd all the indication found in the Security Guide 10g Release 2 (10.2). Essentially:

mkstore -wrl /home/isaez/network -create
mkstore -wrl /home/isaez/network -createCredential ivan isaez mypwd

ivan is found in my tnsnames.ora and tnsping works. Also an sqlplus isaez/mypwd@ivan
connects without problem.
I also edited my sqlnet.ora file:
Code:
SQLNET.WALLET_OVERRIDE = TRUE
WALLET_LOCATION = (SOURCE=
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY=/home/isaez/network
)))

When I try to use the wallet:

Code:
sqlplus /nolog
connect /@ivan


I get the ora-01017 error. I also made a client trace and found the following errors (?):
Code:
[15-SEP-2005 19:31:25:063] snzdfo_open_file: Opening file /home/isaez/network/cwallet.sso with READ ONLY permissions
[15-SEP-2005 19:31:25:063] snzdfo_open_file: exit
[15-SEP-2005 19:31:25:063] nzdfo_open: exit
[15-SEP-2005 19:31:25:063] nziropen: exit
[15-SEP-2005 19:31:25:063] nzirretrieve: entry
[15-SEP-2005 19:31:25:063] nzdfr_reset: entry
[15-SEP-2005 19:31:25:063] nzdfr_reset: exit
[15-SEP-2005 19:31:25:063] nzdfr_reset: entry
[15-SEP-2005 19:31:25:063] nzdfr_reset: exit
[15-SEP-2005 19:31:25:063] nzumalloc: entry
[15-SEP-2005 19:31:25:063] nzdfwe_read_entry: entry
[15-SEP-2005 19:31:25:063] nzdfwe_read_entry: File read error: paramsizemismatch
[15-SEP-2005 19:31:25:063] nzdfwe_read_entry:  returning error: 28755


Error ora-28755 means: 28755, 00000, "object retrieval failure"
// *Cause: The system failed to retrieve information from a file or a
// database.
// *Action: Check if the data source exists, or check to ensure that the correct
// information exists.

Unfortunaly I don't have access to Metalink.

What am I doing wrong?

kind regards,

Ivan

Title: Re: external password store
Post by Pete Finnigan on Sep 29th, 2005, 3:24pm
Hi,

The external password store is now working. I threw away my wallet and sqlnet.ora and started again and to my big surprise it worked the first time! Probably a typo?
With the external password store I can have sqlplus scripts without embedding usercode/password in it. A "connect /@dbname" is sufficient:

isaez@linux:~/network> sqlplus /nolog

SQL*Plus: Release 10.2.0.1.0 - Production on Thu Sep 29 16:17:16 2005

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

SQL> connect /@ivan
Connected.


regards,

Ivan




Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright 2000-2004 Yet another Bulletin Board