Re: OCILogon using Secure External Password Store parameters

From: wvwwork <wvan_at_uvm.edu>
Date: Mon, 23 Feb 2009 13:33:03 -0800 (PST)
Message-ID: <927f6346-9dda-4cf1-a305-4cada2194686_at_m2g2000vbp.googlegroups.com>


On Feb 21, 8:37 pm, Michael Austin <maus..._at_firstdbasource.com> wrote:
> Warren Van Wyck wrote:
> > Hi,
>
> > I had already read the first link in depth -- it does not show how to
> > code a OCI logon.  I had also googled it, checked Oracle forums and have
> > not seen the proper parameter list.  Pro*C SQL CONNECT works OK, but I'm
> > working for specific advice for OCI.  SEPS is set up properly since
> > SQLPLUS and PRO*C work with it.
>
> > --  Warren
>
> > Michael Austin wrote:
> >> Warren Van Wyck wrote:
> >>> I'm using Oracle 10g Release 2 on IBM AIX.
>
> >>> sqlplus /_at_PPRD works fine with Secure External Password Store where
> >>> PPRD is a TNS Alias
>
> >>> It's not working for my OCI program.
>
> >>> Code for OCI
>
> >>> rc = OCILogon(p_env, p_err, &p_svc, "/_at_PPRD", 6, "", 0, "", 0);
>
> >>> yields
>
> >>> Logon Error - ORA-01005: null password given; logon denied
>
> >>> Various other combinations also fail.
>
> >> various docs and examples abound ...
>
> >>http://www.oracle-base.com/articles/10g/SecureExternalPasswordStore_1...
>
> >> and
> >>http://www.google.com/search?hl=en&q=oci+secure+external+password+sto...
>
> Question.. is the OCI connection being called from the same "server" or
> is it a remote app server?
>
> http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14250/oci08s...
>
> and
>
> http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/toc.htm
> *specifically chapter 9: and subsection "Configuring Clients to use the
> External Password Store".

Hi. I'm responding from another account.

I've read a number of sections and none detail a OCILogon or OCILogon2 for Secure External Password Store. The closest I read is:

  • start quote --

How Does the External Password Store Work?

Typically, users (including applications, batch jobs, and scripts) connect to databases by using a standard CONNECT statement that specifies a database_connect_string. This string can include a user name and password, and an Oracle Net service name identifying the database on an Oracle network. For example, the service name could be the URL that uniquely identifies that database, or a TNS alias you entered in the tnsnames.ora file in the database. Another possibility is a host:port:sid string.

The following examples are standard CONNECT statements that could be used for a client that is not configured to use the external password store:

    *

      connect salesapp/2Ip6Cg8_at_sales_db.us.acme.com
      or
      connect salesapp/2Ip6Cg8_at_ORASALES
      or
      connect salesapp/2Ip6Cg8_at_ourhost37:1527:DB17

In these examples, salesapp is the user name and 2Ip6Cg8 is the password, with the unique connect string for the database shown as specified in three different ways. You could use its URL sales_db.us.acme.com, or its TNS alias ORASALES from the tnsnames.ora file, or its host:port:sid string.

However, when clients are configured to use the secure external password store, applications can connect to a database with the following CONNECT statement syntax, without specifying database login credentials:

connect /_at_db_connect_string

where db_connect_string is a valid connect string to access the intended database, such as the service name, URL, or alias as illustrated in the earlier examples.

In this case, the database credentials, username and password, are securely stored in an Oracle wallet created for this purpose. The autologin feature of this wallet is turned on so the system does not need a password to open the wallet. From the wallet, it gets the credentials to access the database for the user they represent.

  • end quote --

Perhaps Secure External Password Store does not work with OCILogon or OCILogon2.

OCILogon is described as a "simplified logon message".

If I use

OCISessionBegin ( svchp, errhp, authp, OCI_CRED_EXT,

SEPS does work if OCI_CRED_EXT is specified instead of OCI_CRED_RDMS.

Pro*C is certainly easier for this.

  • Warren
Received on Mon Feb 23 2009 - 22:33:03 CET

Original text of this message