content top

EM12c: How to Retrieve Passwords from the Named Credentials

In my previous post, I have showed how to list all named credentials in Enterprise Manager Cloud Control. As you see, it was not possible using regular user interface, so we connected to the repository database to get the information. Now let’s keep digging and see if we can retrieve “encrypted information” saved in named credentials.

The username, password and role information of named credentials are stored in em_nc_cred_columns table. When we examine it, we can see that there’s one-to-many relation with em_nc_creds using target_guid column, and the sensitive information are stored in cred_attr_value column. That column is encrypted using em_crypto package. The encryption algrotim uses a secret key which is stored in “Admin Credentials Wallet” and a salt (random data for additional security). The wallet file is located in $MIDDLEWARE_HOME/gc_inst/em/EMGC_OMS1/sysman/config/adminCredsWallet/cwallet.sso) and the salt data can be found in cred_salt column of the em_nc_cred_columns table. Here’s what it looks like:

encrypted_credentials

To decrypt the information, we need to call the decrypt in em_crypto package, but if we call it without opening the wallet, we get the following error:

Read More

EM12c: How to View All of the Credentials Exist for All Users

In another question on OTN forum, someone says that there are multiple (EM12c) users and they can create their own credentials. They ask how to view all of the credentials that exist for all users. A valid answer is already given: An EM administrator, including sysman, cannot view the named credentials owned by other administrators unless an explicit grant is provided.

namecred1

Read More

EM12c: Using Metric Extensions to Generate Composite Alerts

There was a question on OTN forums about how to generate alerts based on two different metrics. The user wants to get alert only if the warning threshold is over 80% “AND” there is less then 20Gb of free space of a tablespace. So he doesn’t want to get alert if the tablespace is over %80 full but still has 100GB free space. Of course, he can set different thresholds for each tablespace: He can set percentage threshold for small tablespaces and set free space threshold for bigger ones. I do not know how many databases he monitors but if he’s managing lots of DBs, this could be a time consuming task.

So how can we solve it? EM12c doesn’t let you generate an alert based on two different metrics. For these situations, you can create metric extensions. All you need is to query mgmt$alert_current and see if two alerts occurred for same target. Examine the following SQL:

Read More

Enterprise Management Agent Host Credentials for PAM and LDAP

We use LDAP users to install oracle software. In my humble opinion, it’s not a good approach because if the server can not communicate with LDAP service, Oracle gets errors when spawning new processes. We have already started to switch our oracle users from LDAP authentication to local users, but this is not the subject of this blog post. Using LDAP for authentication, also affects Enterprise Manager agents. When I try to create a named credential, EM agent can not verify the user/password, although I used the same user/password information to deploy the agents :)

pamerror

Here’s the log generated by the agent:

Read More

How to Set Axis Max Value of AnyChart in APEX Dynamically

I just created a one-page APEX application to show performance chart of our main production server based on Active Session History data. We publish it on a big monitor so we can see the performance chart during the day. It’s not a big deal but it’s really useful. I used 2D stacked column chart and make the chart simple (contains only 3 colors: green for CPU, blue for user IO and orange for all other waits) like the ones you see on EM12c database home pages. Original chart:

activity

Read More
Page 1 of 3212345...Last »
content top