7 Replies Latest reply: Aug 23, 2011 10:29 AM by user7952608 RSS

    Change Wallet password via sqlplus

    Jeff Chirco
      Is there a way to change the wallet password through SQLPlus? I can't find any documentation for changing the password in this way. I created the wallet and password using this command:
      alter system set wallet open identified by "password1";

      I don't want to use Wallet manager or orapki because there is a bug with them for 11.2.0.1 in which is corrupts your wallet. The solution is to upgrade to 11.2.0.2 but I am not ready for that yet.
      Doc 1301365.1 point #3
      BUG 9215461
        • 1. Re: Change Wallet password via sqlplus
          855823
          in 11g: (orapki tool)

          orapki wallet change_pwd [-wallet [wallet_location]] [-oldpwd oldpassword] [-newpwd newpassword]

          http://download.oracle.com/docs/cd/E12839_01/core.1111/e10105/walletmgr.htm#CJGJHIGD

          example:

          http://www.dbaglobe.com/2011/05/change-wallet-password-using-orapki.html
          • 2. Re: Change Wallet password via sqlplus
            Jeff Chirco
            I said I do not want to use orapki because of the fact that it corrupts your wallet.
            • 3. Re: Change Wallet password via sqlplus
              Peter Wahl-Oracle
              Can you point me to the bug you are referring to where OWM and/or orapki corrupt the wallet? I have never heard about this, and yes, orapki or OWM are your only choices.

              Peter
              • 4. Re: Change Wallet password via sqlplus
                Jeff Chirco
                Look at my original post, it has the doc ID and bug number from Oracle Support.
                • 5. Re: Change Wallet password via sqlplus
                  855823
                  and where exactly in that bug says that Wallet manager or orapki corrupts wallet ?? :-)
                  • 6. Re: Change Wallet password via sqlplus
                    Jeff Chirco
                    From Doc 1301365.1

                    >
                    3. Modifying the wallet with OWM or orapki leads to various errors: ORA-600 [ZTSMSTORE FAILED], ORA-28368, ORA-28367, ORA-28362
                    It is sometimes needed to modify the TDE wallet manually, using OWM or orapki, in order to change the wallet password or to make it auto login.
                    As a result, subsequent wallet access would fail with one of the errors
                    ORA-600 [ZTSMSTORE FAILED], ORA-28368, ORA-28367, ORA-28362
                    The issue affects all Oracle releases using TDE.

                    >

                    Ok it doesn't use the word corrupt but to that is basically what it does because you are unable to open the wallet after OWM or orpki is used. You have to restore your wallet from a backup.
                    • 7. Re: Change Wallet password via sqlplus
                      user7952608
                      We are running into the same issue. We are on 11.2.0.1 on linux x86-64. We were intending to implement TDE, but found out the known limitations with TDE on 11.2.0.1 were too extreme to feel comfortable enabling this (see Known TDE Wallet Issues [ID 1301365.1]). We also need to update to 11.2.0.2, but because we have a Grid infrastructure and 4-node cluster, the downtime would be extreme to perform the patching. We have a ticket open with oracle to provide patches on 11.2.0.1, but there is no ETA.

                      There are a few patches that address the ability to recreate the wallet, however applying these patches, caused me to run into the wallet corruption issue where OWM and orapki no longer recognize the password, even though that same password can close and open the wallet correctly from sqlplus.

                      So at the moment, we are dead in the water on enabling TDE due to these limitations. Our options are to update to 11.2.0.2, or wait for the 11.2.0.1 patches.