I'm looking for more information about the utility MKSTORE that can be used for creating and modifying a Wallet. I would like to know things like what the -createALO option is and what the difference is between -createSSO and CreateLSSO. A link to the information would be fine or a document number on MOS. My goal is to script the Wallet creation and am wondering if these options can help me in any way.
Information on Oracle MKSTORE utility for creating wallet
oraclewallet
Related Question
- Oracle Wallet Open Failed – Common Causes and Fixes
- Oracle Database Design – Static Lookup Table Setup
- Linux – Oracle Database 12c on Oracle Linux 7 – autostart, enabling connection as sysdba
- Oracle – How to Restore Data from an Old RMAN Backup (ORA-01152)
- What is oracle universal installer in oracle database products
- Oracle RMAN – MAXPIECESIZE Ignored for Level 0 Backups
- Oracle – Connecting to Autonomous Data Warehouse with DataGrip
- Oracle 19c – Logon Denied for Oracle Wallet User in Docker
Best Answer
General Information about Oracle Wallet is in the Advanced Security Guide.
This is the link to managing wallets from the command line using the general orapki tool.
This is the link to managing wallets using the MKSTORE command specific to credentials storage.
*add
Here is some q&a on the steps on asktom. He also notes an Oracle bug 4395883 that can affect using connect identifiers 4, 8 or 12 bytes in length.
Here is a blog entry that contains a script for rapidly creating wallet entries. Another entry on that blog about the bug above.
Another blog entry about the whole process.
-createSSO means autologin (aka no password required)
-createLSSO means -auto_login_local (require the hostname matches where the wallet was created)
-createALO means -auto_login_only (require the hostname and the user the wallet was created on/under to match)
This does not appear to be documented under mkstore but is documented under orapki which is a companion utility. Note auto_login_local security feature can be spoofed and offers little additional protection. Search the web and you can find more details about why auto_login_local is ineffective.
https://docs.oracle.com/cd/E11882_01/network.112/e40393/asoappf.htm#ASOAG9833