Here is how I wound up solving the problem.
First, I created a separate key server that starts up at the same time as the main server. Its sole purpose is to hand out keys to authorized processes. It does this by running an md5sum on the calling binary, then seeing which keys that binary is allowed to access. The calling binary (in this case, the script, which has been compiled to an executable) requests the keys from this server and then proceeds as normal.
The key server runs all the time and maintains a keychain password in its own memory. On startup, it does not have the keychain password, and thus cannot respond to requests for keys. So before it can do this, it requires that the keychain password gets set. This can be done via a web interface or the command line and requires user interaction. This secures the system by requiring that somebody physically enter the correct password. This generally only needs to be done once per reboot, since the key server never terminates.
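The key-server flow described in the answer above, as an added example that is not the answer author's code: the server stays locked until an operator supplies the keychain password, then releases a key only when the requesting binary's digest is on its allowlist. SHA-256 is used in place of md5sum; the class, the `demo` helper, the passphrase and the key value are constructed for illustration, and how the server learns the caller's path is assumed to be handled elsewhere.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

def file_digest(path):
    # SHA-256 here, in place of the md5sum the answer describes
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

class KeyServer:
    def __init__(self, salt, verifier, acl, keychain):
        self._salt, self._verifier = salt, verifier
        self._acl = acl            # binary digest -> key names it may read
        self._keychain = keychain  # stand-in for the password-protected keychain
        self._password = None      # held in memory only; empty after each start

    def unlock(self, password):  # operator step (web UI or CLI in the answer)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)
        if hmac.compare_digest(candidate, self._verifier):
            self._password = password
        return self._password is not None

    def request(self, binary_path, key_name):
        if self._password is None:
            raise PermissionError("locked: keychain password not set")
        if key_name not in self._acl.get(file_digest(binary_path), ()):
            raise PermissionError("binary is not authorized for this key")
        return self._keychain[key_name]

def demo():
    """Constructed sample: one allowlisted 'binary', later modified on disk."""
    salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", b"operator-passphrase", salt, 100_000)
    with tempfile.TemporaryDirectory() as tmp:
        script = Path(tmp) / "backup-script"
        script.write_bytes(b"constructed sample binary")
        server = KeyServer(salt, verifier, {file_digest(script): {"db"}}, {"db": "s3cret"})
        results = []
        for step in ("locked", "unlocked", "tampered"):
            if step == "unlocked":
                server.unlock("operator-passphrase")
            if step == "tampered":
                script.write_bytes(script.read_bytes() + b"patched")
            try:
                results.append(server.request(script, "db"))
            except PermissionError as exc:
                results.append(str(exc))
    return results
```

`demo()` returns the outcome of three requests for the same key: before unlock, after unlock, and after the binary has changed on disk.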
I generally use the automount service for shares like this that I'll periodically want to mount and use. Setting this up, once you understand how, is fairly trivial.
Step #1 - setup automounting
You'll need to make sure that packages are installed. On CentOS 6 that would be autofs. Most likely other distros will use a similar name. You'll then need to create the following files:
# /etc/auto.master
/mymountpt /etc/auto.mymountpt --timeout=600 --ghost
# /etc/auto.mymountpt
someshare -fstype=cifs,rw,noperm,netbiosname=${HOST},credentials=/etc/credentials.txt ://cifsserver/sharename
# /etc/credentials.txt
username=mydom\myuser
password=somepassword
You'll need to make the permissions on this last file like so:
$ sudo chmod 600 /etc/credentials.txt
You'll also need to make sure that NSS (Name Service Switch) is aware of this setup:
# /etc/nsswitch.conf
automount: files nisplus
With these files in place you should now be able to start the autofs service.
$ sudo service autofs start
Step #2 - testing it out
Once the service has been started, you'll be able to access this path at will:
$ cd /mymountpt/someshare
The mounting of this share is now governed by autofs, which will watch for 600 seconds of inactivity, at which point it will unmount the share.
This approach may seem a bit heavy handed but by doing things this way, you've alleviated your system from having to be dependent on a particular CIFS share as being available at boot. You've moved it so that it's now on demand when it's actually being used.
What to do if you don't have root login?
If you find you don't have these packages installed and aren't able to install them then your options become far fewer.
I would take a look at the Samba article in the ArchLinux Wiki; it covers other methods as well. You could also make use of FUSE to mount a variety of types of media as local directories, including SMB/CIFS. This is covered in the FUSESmb article on the Ubuntu Wiki.
Best Answer
I'm not really experienced with Oracle databases (or databases for that matter), but it seems a Perl solution is possible with Oracle wallet as shown here (Google search terms "oracle database passwordless login").