Tuesday, August 28, 2007

Passwords: store them in a Wallet!

Working on OID and database registrations, I found the wallet created by the DBCA does not need to be signed. Basically - it's empty!
Well, not quite; although the oracle Wallet Manager, owm, only shows "there's something", details can be retrieved using mkstore:

oracle10@infra mkstore -wrl /oracle/infra/admin/dev/wallet -list
Enter password:

Oracle Secret Store entries:
oracle10@infra mkstore -wrl /oracle/infra/admin/dev/wallet -viewEntry ORACLE.SECURITY.DN
Enter password:

ORACLE.SECURITY.DN = cn=infra,cn=OracleContext,dc=home,dc=local
oracle10@infra mkstore -wrl /oracle/infra/admin/dev/wallet -viewEntry ORACLE.SECURITY.PASSWORD
Enter password:


The password you need to provide, is the password you specified for the wallet at the time you registered the database.
So, if you ever want to know the password of database registration, this is how. Works for 10.2 databases, should work for 10.1 (as 10.1 also knows mkstore), does not work for 9.2 or lower.

Another great option of mkstore (and the reason I found this...) is to store credentials for a database - great for securing database links and batch processes.
More on that in the security manual, here, and an example.

No comments: