Information on Oracle MKSTORE utility for creating wallet

oraclewallet

I'm looking for more information about the utility MKSTORE that can be used for creating and modifying a Wallet. I would like to know things like what the -createALO option is and what the difference is between -createSSO and CreateLSSO. A link to the information would be fine or a document number on MOS. My goal is to script the Wallet creation and am wondering if these options can help me in any way.

Best Answer

General Information about Oracle Wallet is in the Advanced Security Guide.

This is the link to managing wallets from the command line using the general orapki tool.

This is the link to managing wallets using the MKSTORE command specific to credentials storage.

*add

Here is some q&a on the steps on asktom. He also notes an Oracle bug 4395883 that can affect using connect identifiers 4, 8 or 12 bytes in length.

Here is a blog entry that contains a script for rapidly creating wallet entries. Another entry on that blog about the bug above.

Another blog entry about the whole process.

-createSSO means autologin (aka no password required)

-createLSSO means -auto_login_local (require the hostname matches where the wallet was created)

-createALO means -auto_login_only (require the hostname and the user the wallet was created on/under to match)

This does not appear to be documented under mkstore but is documented under orapki which is a companion utility. Note auto_login_local security feature can be spoofed and offers little additional protection. Search the web and you can find more details about why auto_login_local is ineffective.

https://docs.oracle.com/cd/E11882_01/network.112/e40393/asoappf.htm#ASOAG9833

Related Solutions

How to configure so the Oracle wallet password can be authenticated with a web based Oracle application

ORA-24247 is something you would get after you already have a connection and are trying to use a network resource (such as UTL_HTTP). It sounds like you need to create an ACL (Access Control List). See http://oraclepoint.com/oralife/2010/10/08/configuring-wallet-manager-to-enable-https-connect-with-oracle-11g-database/.

What all to start for oracle database server

If you have the entries for your instance added to /etc/oratab (that should be "orcl:/your/oracle/home:Y" ) and you did run the root.sh in the end of that installation and the root.sh placed the environment scripts in /usr/locla/bin (the default), you can issue:

ORACLE_SID=orcl
ORAENV_ASK=NO
. /usr/local/bin/oraenv
unset ORAENV_ASK
$ORACLE_HOME/bin/dbstart

What oraenv does is mainly setting environment variables like ORACLE_HOME, ORACLE_BASE and PATH. PATH is made up of $ORACLE_HOME/bin. You could add the environment setup to your .profile and of course, you can start the database manually using sqlplus.

The dbstart script starts all databases that are registered in the oratab file, that have a 'Y' in the third column.

Manually starting, after the environment has been setup for a specific instance as shown above:

sqlplus / as sysdba
startup

If you want to switch to a different database just issue . oraenv (if /usr/local/bin is in the PATH) and give it the ORACLE_SID of the database that you want to manage.

Most databases will be accessed using a client from an other machine/VM. In that case you also might want to start the listener: lsnrctl start

Best Answer

Related Solutions

How to configure so the Oracle wallet password can be authenticated with a web based Oracle application

What all to start for oracle database server

Related Question