
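Solving the plaintext password problem in RMAN backup scripts -- wallet

2013-09-22 22:26
An earlier article described an RMAN backup script and noted that the plaintext password in the script is insecure.

This post uses an Oracle wallet to store the password. Apart from the person who set the wallet password, nobody else can find out the connection password, which solves the problem of the insecure plaintext password.

RMAN backup script: http://blog.csdn.net/laven54/article/details/11892141

Procedure:

1. Create the wallet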

$ORACLE_HOME/bin/mkstore -wrl $ORACLE_HOME/network/admin/wallet -create

Enter password:<enter the wallet password>

2. Create the connect string (one connect string can map to only one user)

rman_connect =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = nascds18.cn.oracle.com)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = R10203)
    )
  )

3. Add the user's credentials to the wallet

Here rman_connect is the network connect string defined above, and "oracle" is the password of user sys.

$ORACLE_HOME/bin/mkstore -wrl $ORACLE_HOME/network/admin/wallet -createCredential rman_connect sys "oracle"

Enter wallet password:<enter the wallet password>

Create credential oracle.security.client.connect_string1

4. Check whether the rman user has been added to the wallet

$ORACLE_HOME/bin/mkstore -wrl $ORACLE_HOME/network/admin/wallet -listCredential

Enter wallet password:<enter the wallet password>

List credential (index: connect_string username)

1: rman_connect sys (shows that sys has been added to the wallet)

5. Add the wallet location to sqlnet.ora

$ vi $ORACLE_HOME/network/admin/sqlnet.ora

WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/opt/oracle/products/10.2.0.3/network/admin/wallet)))

SQLNET.WALLET_OVERRIDE=TRUE

6. Connection test

[oracle@nascds18 admin]$ rman target /@rman_connect

Recovery Manager: Release 10.2.0.3.0 - Production on Mon Sep 23 12:52:23 2013

Copyright (c) 1982, 2005, Oracle. All rights reserved.

connected to target database: R10203 (DBID=2226792988)

RMAN> exit

Recovery Manager complete.
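
The checks below are an added example, not part of the original post: a shell script that verifies the sqlnet.ora settings from step 5, confirms that the wallet directory is accessible only to its owner, and flags backup-script lines that still pass user/password on the command line. The function names and the fixture files (old.sh, new.sh, the empty cwallet.sso) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the wallet setup.
# Succeeds if sqlnet.ora sets SQLNET.WALLET_OVERRIDE=TRUE (step 5).
wallet_override_enabled() {
    grep -v '^[[:space:]]*#' "$1" | tr -d ' \t' |
        grep -Eiq '^SQLNET\.WALLET_OVERRIDE=TRUE$'
}

# Prints the DIRECTORY value of WALLET_LOCATION (upper-case keywords assumed).
wallet_dir() {
    grep -v '^[[:space:]]*#' "$1" | tr -d ' \t\n' |
        sed -n 's/.*WALLET_LOCATION=.*DIRECTORY=\([^)]*\)).*/\1/p'
}

# Succeeds only if the directory and its files grant nothing to group/others;
# the auto-login file cwallet.sso opens without the wallet password.
wallet_perms_ok() {
    [ -d "$1" ] || return 1
    for f in "$1" "$1"/*; do
        [ -e "$f" ] || continue
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
            { echo "too permissive: $f" >&2; return 1; }
    done
    return 0
}

# Prints script lines that pass user/password to rman or sqlplus; wallet
# logins (/@alias) and OS logins (/) do not match.
plaintext_logins() {
    grep -nE '(target|auxiliary|catalog|sqlplus)[[:space:]]+(-[A-Za-z]+[[:space:]]+)*[^/@[:space:]]+/[^@[:space:]]' "$1"
}

# Builds a constructed fixture (sample files, not real ones); prints its path.
make_fixture() {
    d=$(mktemp -d) && mkdir -m 700 "$d/wallet" || return 1
    : > "$d/wallet/cwallet.sso" && chmod 600 "$d/wallet/cwallet.sso"
    printf '%s\n' "WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$d/wallet)))" \
        'SQLNET.WALLET_OVERRIDE = TRUE' > "$d/sqlnet.ora"
    printf '%s\n' 'rman target sys/oracle@R10203 cmdfile=full.rcv' > "$d/old.sh"
    printf '%s\n' 'rman target /@rman_connect cmdfile=full.rcv' > "$d/new.sh"
    echo "$d"
}

fx=$(make_fixture)
wallet_override_enabled "$fx/sqlnet.ora" && echo "override: on"
wallet_perms_ok "$(wallet_dir "$fx/sqlnet.ora")" && echo "wallet perms: ok"
plaintext_logins "$fx/old.sh" || true
plaintext_logins "$fx/new.sh" || echo "new.sh: no plaintext login"
rm -rf "$fx"
```

On a real host, point the functions at $ORACLE_HOME/network/admin/sqlnet.ora and at the backup script itself instead of the fixture.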

----------------------

mkstore usage:

dg-primary:/oracle/product/11gR2/db/network/admin> mkstore

Oracle Secret Store Tool : Version 11.2.0.3.0 - Production

Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.

mkstore [-wrl wrl] [-create] [-createSSO] [-createLSSO] [-createALO] [-delete] [-deleteSSO] [-list] [-createEntry alias secret] [-viewEntry alias] [-modifyEntry alias secret] [-deleteEntry alias] [-createCredential connect_string username password] [-listCredential]
[-modifyCredential connect_string username password] [-deleteCredential connect_string] [-help] [-nologo]

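createCredential creates the password stored for a connect string

modifyCredential changes the password stored for a connect string

deleteCredential deletes the password stored for a connect string

listCredential lists which users currently have a password stored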

——————————

An aside from testing:

Using rman target /@rman_connect works fine, but switching to sqlplus /@rman_connect reports an error:

dg-primary:/oracle/product/11gR2/db/network/admin> rman target /@rman_connect2

Recovery Manager: Release 11.2.0.3.0 - Production on Sun Sep 22 22:49:10 2013

Copyright (c) 1982, 2011, Oracle and/or its affiliates. All rights reserved.

connected to target database: EBAI (DBID=2009644852)

RMAN>

dg-primary:/oracle/product/11gR2/db/network/admin> sqlplus /@rman_connect2

SQL*Plus: Release 11.2.0.3.0 Production on Sun Sep 22 22:47:33 2013

Copyright (c) 1982, 2011, Oracle. All rights reserved.

ERROR:

ORA-28009: connection as SYS should be as SYSDBA or SYSOPER

RMAN connections to a database are specified and authenticated in the same way as SQL*Plus connections to a database. The only difference is that RMAN connections to a target or auxiliary database require the SYSDBA privilege. The AS SYSDBA keywords are implied for target and auxiliary connections and cannot be explicitly specified.

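In other words, when RMAN connects to the database, user sys does not need to specify the "as SYSDBA" keywords explicitly, but when logging in to the database with sqlplus, user sys must specify them. That is the difference; I had seen it before but had not paid much attention to it.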

___________________________________________________________________________________

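All rights reserved. This article may be reposted, but the source address must be credited with a link; otherwise legal action will be pursued!

Author: laven54 (lurou)

Email: laven54@163.com

Blog: http://blog.csdn.net/laven54
QQ group: 164734649. Feel free to ask questions in the group; I am interested in anything Oracle-related.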