SQLPLUS 未从 ewallet.p12 文件获取凭据
SQLPLUS not getting credentials from ewallet.p12 file
遵循 https://docs.oracle.com/cd/E78494_01/aip/pdf/1411/html/ig/aip-ig-apx_wallet.htm 指南并创建了 ewallet.p12(还生成 cwallet.sso)、sqlnet.ora 和 tnsnames.ora:
PS C:\Users\myname\Oracle> echo $env:ORACLE_HOME
C:\app\oracle\product.0.0\client_1
PS C:\Users\myname\Oracle> echo $env:TNS_ADMIN
C:\Users\myname\Oracle\my_admin
然后测试了我的凭据,tnsnames.ora 成功:
sqlplus user/password@tns_alias
但是,从上面删除用户和密码(期望从 ewallet.p12 文件中获取)错误:
SQL*Plus: Release 19.0.0.0.0 - Production on Thu Jul xxxxxxxxx
Version 19.3.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
然后在出现提示时输入用户名和密码,出现 tns 适配器错误:
Enter user-name: user
Enter password:
ERROR:
ORA-12560: TNS:protocol adapter error
以下为sqlnet.ora内容:
SSL_CLIENT_AUTHENTICATION=FALSE
SSL_SERVER_DN_MATCH=TRUE
WALLET_LOCATION =
(SOURCE =
(METHOD=FILE) (METHOD_DATA = (DIRECTORY = C:\Users\myname\Oracle\my_wallet)))
TRACE_LEVEL_CLIENT=16
TRACE_FILE_CLIENT = client.trc
TRACE_DIRECTORY_CLIENT=%USERPROFILE%\ORACLE
钱包文件夹内容:
PS P:\> ls C:\Users\myname\Oracle\my_wallet\
Directory: C:\Users\myname\Oracle\my_wallet
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 30/07/2020 7:59 PM 2509 cwallet.sso
-a---- 30/07/2020 7:39 PM 0 cwallet.sso.lck
-a---- 30/07/2020 7:59 PM 2464 ewallet.p12
-a---- 30/07/2020 7:39 PM 0 ewallet.p12.lck
这似乎很简单,但不确定我错过了什么?
当您使用钱包通过密码存储进行身份验证时,最好包含两个额外的文件 (sqlnet.ora and tnsnames.ora),这两个文件不同于您通常用于密码连接的文件。
将tnsnames.ora和sqlnet.ora复制到同一个钱包目录,然后按照以下步骤操作:
3.Edit sqlnet.ora 看起来像这样
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:\Users\myname\Oracle\my_wallet )
)
)
SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0
3.Your 新 tnsnames.ora 必须包含钱包条目(service_name 或 sid )
MY_EXAMPLE=(DESCRIPTION =(ADDRESS = (PROTOCOL = TCP)(HOST = server )(PORT = port ))(CONNECT_DATA =(SERVER = DEDICATED)(SID = databasesid)))
4.SET TNS_ADMIN 到新的 sqlnet 和 tnsnames 文件的位置
SET TNS_ADMIN=C:\Users\myname\Oracle\my_wallet
5.The 包含所有文件的目录应该如下所示(在我的例子中,我使用 Linux )
-rw-------. 1 orafil finance 0 Feb 6 16:30 ewallet.p12.lck
-rw-------. 1 orafil finance 0 Feb 6 16:30 cwallet.sso.lck
-rw-rw-r--. 1 orafil finance 235 Feb 18 10:26 sqlnet.ora
-rw-rw-r--. 1 orafil finance 454 May 14 11:35 tnsnames.ora
-rw-------. 1 orafil finance 2872 May 14 14:26 ewallet.p12
-rw-------. 1 orafil finance 2917 May 14 14:26 cwallet.sso
然后连接
sqlplus user/@MY_EXAMPLE
遵循 https://docs.oracle.com/cd/E78494_01/aip/pdf/1411/html/ig/aip-ig-apx_wallet.htm 指南并创建了 ewallet.p12(还生成 cwallet.sso)、sqlnet.ora 和 tnsnames.ora:
PS C:\Users\myname\Oracle> echo $env:ORACLE_HOME
C:\app\oracle\product.0.0\client_1
PS C:\Users\myname\Oracle> echo $env:TNS_ADMIN
C:\Users\myname\Oracle\my_admin
然后测试了我的凭据,tnsnames.ora 成功:
sqlplus user/password@tns_alias
但是,从上面删除用户和密码(期望从 ewallet.p12 文件中获取)错误:
SQL*Plus: Release 19.0.0.0.0 - Production on Thu Jul xxxxxxxxx
Version 19.3.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
然后在出现提示时输入用户名和密码,出现 tns 适配器错误:
Enter user-name: user
Enter password:
ERROR:
ORA-12560: TNS:protocol adapter error
以下为sqlnet.ora内容:
SSL_CLIENT_AUTHENTICATION=FALSE
SSL_SERVER_DN_MATCH=TRUE
WALLET_LOCATION =
(SOURCE =
(METHOD=FILE) (METHOD_DATA = (DIRECTORY = C:\Users\myname\Oracle\my_wallet)))
TRACE_LEVEL_CLIENT=16
TRACE_FILE_CLIENT = client.trc
TRACE_DIRECTORY_CLIENT=%USERPROFILE%\ORACLE
钱包文件夹内容:
PS P:\> ls C:\Users\myname\Oracle\my_wallet\
Directory: C:\Users\myname\Oracle\my_wallet
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 30/07/2020 7:59 PM 2509 cwallet.sso
-a---- 30/07/2020 7:39 PM 0 cwallet.sso.lck
-a---- 30/07/2020 7:59 PM 2464 ewallet.p12
-a---- 30/07/2020 7:39 PM 0 ewallet.p12.lck
这似乎很简单,但不确定我错过了什么?
当您使用钱包通过密码存储进行身份验证时,最好包含两个额外的文件 (sqlnet.ora and tnsnames.ora),这两个文件不同于您通常用于密码连接的文件。
将tnsnames.ora和sqlnet.ora复制到同一个钱包目录,然后按照以下步骤操作:
3.Edit sqlnet.ora 看起来像这样
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:\Users\myname\Oracle\my_wallet )
)
)
SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0
3.Your 新 tnsnames.ora 必须包含钱包条目(service_name 或 sid )
MY_EXAMPLE=(DESCRIPTION =(ADDRESS = (PROTOCOL = TCP)(HOST = server )(PORT = port ))(CONNECT_DATA =(SERVER = DEDICATED)(SID = databasesid)))
4.SET TNS_ADMIN 到新的 sqlnet 和 tnsnames 文件的位置
SET TNS_ADMIN=C:\Users\myname\Oracle\my_wallet
5.The 包含所有文件的目录应该如下所示(在我的例子中,我使用 Linux )
-rw-------. 1 orafil finance 0 Feb 6 16:30 ewallet.p12.lck
-rw-------. 1 orafil finance 0 Feb 6 16:30 cwallet.sso.lck
-rw-rw-r--. 1 orafil finance 235 Feb 18 10:26 sqlnet.ora
-rw-rw-r--. 1 orafil finance 454 May 14 11:35 tnsnames.ora
-rw-------. 1 orafil finance 2872 May 14 14:26 ewallet.p12
-rw-------. 1 orafil finance 2917 May 14 14:26 cwallet.sso
然后连接
sqlplus user/@MY_EXAMPLE