Saturday, February 2, 2008

RMAN Backup using a Wallet for Authentication

Ever want to keep passwords out of your RMAN backup scripts?
Oracle Wallet provides a way to connect to the RMAN repository without having to script in a password.

1. Set up password files that allow and disallow logging in with SYSDBA (this is optional, and only needed if you want to be able to control remote login as sysdba)

a. cd $ORACLE_HOME/dbs
b. export ORACLE_SID=rman
c. orapwd file=orapwdbname.nosysdba password= nosysdba=y
d. orapwd file=orapwdbname.sysdba password= nosysdba=n


2. Add processes to enable sysdba for the backup and disable it when the backup is complete (optional, only if you want to control when remote sysdba connections are allowed)
a. enable sysdba logins
cp -p orapwdbname.sysdba orapwdbname

b. disable sysdba logins
cp -p orapwdbname.nosysdba orapwdbname

* For our example we will assume that sysdba logins are enabled and left on, but this gives the option to allow and disallow sysdba connections as needed.


3. Avoid having to pass username and password at the command line.
a. add TNS Alias to tnsnames.ora file for RMANSYS connections

RMANSYS =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = )(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = rman)
    )
  )

b. Create Wallet
cd $ORACLE_HOME/network/admin
mkstore -wrl $ORACLE_HOME/network/admin -create

* Enter password for wallet (will have to be entered 2 times for confirmation)
* Creates 2 files ewallet.p12 and cwallet.sso

c. Create credential for Wallet
mkstore -wrl $ORACLE_HOME/network/admin -createCredential rmansys rman

* You should see something like Create credential oracle.security.client.connect_string1

d. Edit sqlnet.ora
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = <$ORACLE_HOME*>/network/admin)))

SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0


* You must put in the actual path for $ORACLE_HOME

e. Restart the database listener
lsnrctl stop
lsnrctl start

4. Now you can use the wallet credentials to log in as sys.
sqlplus /@RMANSYS

export ORACLE_SID=trn01
rman target=/ catalog=/@rmansys
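
An added example, not part of the original post: a backup wrapper that ties step 2 to step 4, so sysdba logins are switched back off even when the backup fails and no password appears in the script. PWFILE_DIR, WALLET_DIR, RMAN_CMD, RMAN_SCRIPT and backup.rcv are assumed names; orapwdbname is the password file name from step 1.

```shell
#!/bin/sh
# Added example, not from the original post. Every variable below is an
# assumed name and can be overridden from the environment.
PWFILE_DIR="${PWFILE_DIR:-$ORACLE_HOME/dbs}"
WALLET_DIR="${WALLET_DIR:-$ORACLE_HOME/network/admin}"
PWFILE="${PWFILE:-orapwdbname}"            # password file name from step 1
RMAN_CMD="${RMAN_CMD:-rman}"
RMAN_SCRIPT="${RMAN_SCRIPT:-backup.rcv}"   # hypothetical RMAN command file

# Steps 2a and 2b: swap the active password file.
enable_sysdba()  { cp -p "$PWFILE_DIR/$PWFILE.sysdba"   "$PWFILE_DIR/$PWFILE"; }
disable_sysdba() { cp -p "$PWFILE_DIR/$PWFILE.nosysdba" "$PWFILE_DIR/$PWFILE"; }

# Step 3b creates both wallet files; without them the /@rmansys
# connection has no stored credential to use.
wallet_present() {
  [ -f "$WALLET_DIR/ewallet.p12" ] && [ -f "$WALLET_DIR/cwallet.sso" ]
}

run_backup() {
  wallet_present || { echo "wallet files missing in $WALLET_DIR" >&2; return 2; }
  enable_sysdba  || { echo "cannot enable sysdba password file" >&2; return 3; }
  # Step 4: no username or password here, the wallet supplies them.
  backup_rc=0
  "$RMAN_CMD" target=/ catalog=/@rmansys cmdfile="$RMAN_SCRIPT" || backup_rc=$?
  # Put the nosysdba file back whether or not the backup succeeded.
  disable_sysdba || { echo "WARNING: sysdba logins still enabled" >&2; return 4; }
  return "$backup_rc"
}

# Run only when asked, e.g. "sh rman_wallet_backup.sh run" (file name assumed).
if [ "${1:-}" = "run" ]; then
  run_backup
  exit $?
fi
```

The exit status is RMAN's own unless the wrapper stopped early (2, 3) or could not restore the nosysdba file (4).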

2 comments:

Anonymous said...

Have you tried this? I cannot get it to work. I also could not get the listener to start with the WALLET_LOCATION parameter in the sqlnet.ora file. According to the docs, this is a listener.ora param. Thanks.

mike.morley@talbots.com

Mike Messina said...

Yes, I have tried this. Did not have issues. I am more than willing to help you further; I will send you a note at the email address you left.