Pete Finnigan's Oracle Security Forum
(Message started by: Pete Finnigan on Sep 16th, 2005, 8:51am)

Title: external password store
Post by Pete Finnigan on Sep 16th, 2005, 8:51am

I'm experimenting with the external password store (Oracle 10gR2 on Suse 9.3). When this feature is configured, application code, batch jobs, and scripts no longer need embedded user names and passwords.
So far so good. But when I try to use it I get an ORA-01017: invalid username/password; logon denied.
I've followed all the indications found in the Security Guide 10g Release 2 (10.2). Essentially:

mkstore -wrl /home/isaez/network -create
mkstore -wrl /home/isaez/network -createCredential ivan isaez mypwd

ivan is found in my tnsnames.ora and tnsping works. Also an sqlplus isaez/mypwd@ivan
connects without problem.
I also edited my sqlnet.ora file:

When I try to use the wallet:

sqlplus /nolog
connect /@ivan

I get the ora-01017 error. I also made a client trace and found the following errors (?):
[15-SEP-2005 19:31:25:063] snzdfo_open_file: Opening file /home/isaez/network/cwallet.sso with READ ONLY permissions
[15-SEP-2005 19:31:25:063] snzdfo_open_file: exit
[15-SEP-2005 19:31:25:063] nzdfo_open: exit
[15-SEP-2005 19:31:25:063] nziropen: exit
[15-SEP-2005 19:31:25:063] nzirretrieve: entry
[15-SEP-2005 19:31:25:063] nzdfr_reset: entry
[15-SEP-2005 19:31:25:063] nzdfr_reset: exit
[15-SEP-2005 19:31:25:063] nzdfr_reset: entry
[15-SEP-2005 19:31:25:063] nzdfr_reset: exit
[15-SEP-2005 19:31:25:063] nzumalloc: entry
[15-SEP-2005 19:31:25:063] nzdfwe_read_entry: entry
[15-SEP-2005 19:31:25:063] nzdfwe_read_entry: File read error: paramsizemismatch
[15-SEP-2005 19:31:25:063] nzdfwe_read_entry:  returning error: 28755

Error ora-28755 means: 28755, 00000, "object retrieval failure"
// *Cause: The system failed to retrieve information from a file or a
// database.
// *Action: Check if the data source exists, or check to ensure that the correct
// information exists.

Unfortunately I don't have access to Metalink.

What am I doing wrong?

kind regards,


Title: Re: external password store
Post by Pete Finnigan on Sep 29th, 2005, 3:24pm

The external password store is now working. I threw away my wallet and sqlnet.ora and started again and to my big surprise it worked the first time! Probably a typo?
With the external password store I can have sqlplus scripts without embedding usercode/password in it. A "connect /@dbname" is sufficient:

isaez@linux:~/network> sqlplus /nolog

SQL*Plus: Release - Production on Thu Sep 29 16:17:16 2005

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

SQL> connect /@ivan
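
The setup described in this thread (a wallet created with mkstore, an edited sqlnet.ora, then connect /@ivan) can be sanity-checked on the client before connecting. The script below is an added example, not part of the original posts and not Oracle tooling: the function names are hypothetical, WALLET_LOCATION and SQLNET.WALLET_OVERRIDE are the sqlnet.ora parameters Oracle documents for this feature, and the demo files are constructed.

```shell
# Added example: pre-flight checks for a client-side external password store.
# Assumes a single wallet entry in sqlnet.ora and no whitespace in the path.

# Print the DIRECTORY value configured in sqlnet.ora (comments stripped).
wallet_dir_from_sqlnet() {
    sed 's/#.*//' "$1" | tr -d ' \t\r\n' | awk '{
        i = index(toupper($0), "(DIRECTORY=")
        if (i) { s = substr($0, i + 11); sub(/\).*/, "", s); print s }
    }'
}

# Report problems on stdout; the exit status is the number of problems found.
check_password_store() (
    sqlnet=$1; wallet_dir=$2; problems=0
    report() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    sed 's/#.*//' "$sqlnet" | tr -d ' \t' |
        grep -qi '^SQLNET\.WALLET_OVERRIDE=TRUE' ||
        report "SQLNET.WALLET_OVERRIDE is not TRUE; 'connect /@alias' will not use the wallet"

    dir=$(wallet_dir_from_sqlnet "$sqlnet")
    [ "$dir" = "$wallet_dir" ] ||
        report "WALLET_LOCATION points at '${dir:-<unset>}', not '$wallet_dir'"

    sso="$wallet_dir/cwallet.sso"
    if [ ! -s "$sso" ]; then
        report "$sso is missing or empty"
    else
        # cwallet.sso is the auto-login wallet: it opens without a password,
        # so group/other must have no access to it.
        case $(ls -ld "$sso" | cut -c5-10) in
            ------) ;;
            *) report "$sso is accessible to group/other; chmod 600 it" ;;
        esac
    fi
    exit "$problems"
)

# Constructed demo: a scratch directory stands in for the wallet location.
demo=$(mktemp -d)
cat > "$demo/sqlnet.ora" <<EOF
WALLET_LOCATION = (SOURCE = (METHOD = FILE)
  (METHOD_DATA = (DIRECTORY = $demo)))
SQLNET.WALLET_OVERRIDE = TRUE
EOF
echo placeholder > "$demo/cwallet.sso"   # stand-in file, not a real wallet
chmod 644 "$demo/cwallet.sso"
check_password_store "$demo/sqlnet.ora" "$demo" || echo "problems found: $?"
rm -rf "$demo"
```

The demo deliberately leaves the stand-in wallet world-readable, so it reports one problem; the configuration checks pass.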


