hardcoded passwords in RMAN
DBAsupport.com Forums - Powered by vBulletin
Results 1 to 8 of 8

Thread: hardcoded passwords in RMAN

  1. #1
    Join Date
    Nov 2000
    Posts
    15

    Post

    When I call my rman scripts from a UNIX shell script which invokes RMAN, I connect to the target database using the following code:

    connect target user/password

    Are there any ideas of how I can do this without hard coding the password?
    Michael Auer
    Oracle DBA/Developer
    Oracle8i OCP

  2. #2
    Join Date
    Feb 2000
    Location
    New York,U.S.A.
    Posts
    245
    change file permission to 400, so people outside dba group could not read your file.

  3. #3
    Join Date
    Feb 2000
    Location
    New York,U.S.A.
    Posts
    245
    Sorry, should be 700.

  4. #4
    Join Date
    Nov 2000
    Location
    greenwich.ct.us
    Posts
    9,092
    You could enable OS authentication. Then, you would only have to:
    connect target /
    Jeff Hunter
    marist89@yahoo.com
    http://marist89.blogspot.com/
    Get Firefox!
    "I pledge to stop eating sharks fin soup and will not do so under any circumstances."

  5. #5
    Join Date
    Nov 2000
    Posts
    25
    Hi
    setting file permission may not help . Anybody can do a ps -ef | grep rman to find the connection string. Setting os authentication seems to work fine . I usually put the passwords and other options in a config file and protect that file . within the shell script i read the config file and cut the necessary options for constructing the command line.

    HTH
    Santosh

  6. #6
    Join Date
    Oct 2000
    Location
    Cambridge, MA (Boston)
    Posts
    144
    You can also use a Unix user/password file (note: not Oracle's password authentication for remote logins)

    It is still hard coded, but you can have just one file for every user/pw for each database or server. I reference this file for many purposes. It also hides the password from the Unix ps command.

    From my Korne shell script:

    ORAPSWD_FILE=/fullpath/${ORACLE_SID}/scripts/pwsystem.txt
    ORAPSWD_IN=`cat ${ORAPSWD_FILE}`
    [...]
    $ORACLE_HOME/bin/imp file=expdat.dmp log=imp.log << EOT
    ${ORAPSWD_IN}
    EOT

    Obviously i use this for exp/imp, but i imagine you can use it for RMAN. The read/write permissions for pwsystem.txt should be restricted as indicated by dragon99.

    hth, D.

  7. #7
    Join Date
    Nov 2000
    Posts
    25
    Hi

    An example script for an incremental backup

    DATE=`date +%D`
    PWD=/home/admin/dba/oracle/rman_scripts
    CONFIG=$PWD/config.rman
    LOG=$PWD/log


    do_backup()
    {
    TARGET_INSTANCE=$1
    TARGET_INTERNAL_PASS=$2
    RMAN_USER=$3
    RMAN_PASS=$4
    RMAN_REPO=$5
    TODAY=`date +%a`
    case $TODAY in
    'Mon')
    LEVEL=0
    ;;

    'Tue'|'Wed'|'Fri')
    LEVEL=2
    ;;

    'Thu')
    LEVEL=1
    ;;

    default)
    ;;

    esac
    echo "The current backup level is $LEVEL"
    SCRIPTNAME=run_backup_db_level_${LEVEL}
    LOGFILE=${LOG}/${SCRIPTNAME}_${TARGET_INSTANCE}.log
    CMDFILE=${PWD}/${SCRIPTNAME}
    # Now Run the backup line for the specific database
    rman target internal/${TARGET_INTERNAL_PASS}@${TARGET_INSTANCE} RCVCAT ${RMAN_USER}/${RMAN_PASS}@${RMAN_REPO} CMDFILE $CMDFILE MSGLOG $LOGFILE
    }


    cat $CONFIG | while read LINE
    do
    case $LINE in
    \#*) ;;
    *)
    TARGET_INSTANCE=`echo $LINE | cut -d":" -f1`
    TARGET_INTERNAL_PASS=`echo $LINE | cut -d":" -f2`
    RMAN_USER=`echo $LINE | cut -d":" -f3`
    RMAN_PASS=`echo $LINE | cut -d":" -f4`
    RMAN_REPO=`echo $LINE | cut -d":" -f5`
    do_backup $TARGET_INSTANCE $TARGET_INTERNAL_PASS $RMAN_USER $RMAN_PASS $RMAN_REPO
    esac
    done

    ==========================================================
    This is sample config.rman file
    # This is the configuration file for rman backup
    # All comments should start with a hash symbol
    # Each field should be separated with a (:)
    # Field 1 - Instance name
    # Field 2 - Instance pass
    # Field 3 - Rman User Name
    # Field 4 - Rman Passwd
    # Field 5 - Rman Repository
    #
    db1:db1pass:rman:rman:rcvcat_db
    db2:db2pass:rman:rman:rcvcat_db
    db3:db3pass:rman:rman:rcvcat_db
    #
    #


    HTH
    Santosh

  8. #8
    Join Date
    Nov 2000
    Posts
    25
    hi

    Please refer to one of my prevoius posting for the sample scripts stored in repository mentioned in above posting.

    [url]http://ora.dbasupport.com/forums/showthread.php?threadid=4351[/url]


    HTH
    Santosh

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width