Oracle Listener Password Setting method (LISTENER) _oracle

The listener also has security? sure! By default, any user does not need to use any password to operate or close the Oracle listener through the LSNRCTL tool, causing any new sessions to fail to establish a connection. Oracle listeners in Oracle 9i allow anyone to use LSNRCTL to remotely initiate the management of listeners. It is also easy to cause the database to be corrupted.

1. Stop listening without setting the password

[Oracle@test ~]$ lsnrctl stop listener_demo92  --> stops listening, you can see that no password is required to stop 
                                              
Lsnrctl for linux:version 9.2.0.8.0- Production on 26-jun-2011 08:22:26          
                                              
Copyright (c) 1991, 2006, Oracle Corporation. All rights reserved.             
                                              
Connecting to (description= address= (protocol=tcp) (host=test) (port=1521))         

2. Restart the listener and set the password

[Oracle@test ~]$ Lsnrctl Lsnrctl for linux:version 9.2.0.8.0-production on 26-jun-2011 08:24:09 Copyrigh T (c) 1991, 2006, Oracle Corporation.                            
                                                             
All rights reserved.	                                    
Welcome to Lsnrctl, type ' help ' for information. Lsnrctl> set Current_listener listener_demo92--> set current listener present listener is listener_d                         
emo92 lsnrctl> start--> boot process also does not require any password, the startup details are omitted                                                       
lsnrctl> Change_password--> use Change_password to set password old password: New Password:reenter NE                      W Password:                             
Connecting to (description= address= (protocol=tcp) (host=test) (port=1521))                                            
Password changed for listener_demo92 the command completed successfully                                 
lsnrctl> save_config--> Note the save_config failure here Connecting to (Description= (address= (protocol=tcp) (host=test) (port=1521)) tns-01169:the l                                    
Istener has not recognized the password lsnrctl> set password--> enter new password authentication password:the Command completed                                     
Successfully lsnrctl> Save_config--> again save_config success Connecting to (Address= (PROTOCOL=TCP) (host=test) (port=1521)) Sa Ved listener_demo92 confIguration parameters. Listener Parameter File/oracle/92/network/admin/listener.ora Old Parameter FILE/ORACLE/9                                            
                                                             
2/network/admin/listener.bak the command completed successfully --> add password, you can see a new record in the Listener.ora file, that is, the secret Code Options (Note: Although password management can still be used without a password to start listening) [Oracle@test admin]$ more Listener.ora #----ADD                                               
	ED by Tnslsnr 26-jun-2011 05:12:48---passwords_listener_demo92 = #--------------------------------------------

3. To stop listening without using a password

[Oracle@test ~]$ lsnrctl stop listener_demo92                        
lsnrctl for linux:version 9.2.0.8.0-production on 26-JUN-2011 06:09:5 1          
Copyright (c) 1991, 2006, Oracle Corporation. All rights reserved.             
                                              
Connecting to (Address= (PROTOCOL=TCP) (host=test) (port=1521)) Tns-01169:the listener description=         
Recognized the password  --> received an error message that requires a password authentication

4. Use Password to stop listening

[Oracle@test ~]$ lsnrctl lsnrctl> set Current_listener listener_demo92 Cu Rrent Listener is listener_demo92 lsnrctl> stop connecting to (D            
Escription= (address= (protocol=tcp) (host=test) (port=1521)) Tns-01169:the Listener not has the recognized lsnrctl> Set Password password:the command com pleted successfully lsnrctl> stop connecting to description= (A Ddress= (PROTOCOL=TCP) (host=test) (port=1521)) The command completed successfully lsnrctl> STA Tus connecting to (description= address= (protocol=tcp) (host=test) (port=1521)) TNS-1254 1:tns:no Listener Tns-12560:tns:protocol Adapter error Tns-00511:no L                 Istener           
  Linux Error:111:connection refused connecting to (description= address= (PROTOCOL=IPC) (                     
 KEY=EXTPROC)) Tns-12541:tns:no Listener Tns-12560:tns:protocol Adapter Error	                 
 Tns-00511:no listener Linux error:2: No such file or directory

5. The problem of save_config failure

--> in Oracle 9i, using the Save_config command will fail                                     
	lsnrctl> Save_config connecting to (description= (                                                 
	PROTOCOL=TCP) (host= 
 

6. Configure admin_restrictions parameters in Listener.ora

Parameter function:
When the Admin_restrictions parameter is set in the Listener.ora file, no administrative command is allowed while the listener is running, and the SET command is not available
, either locally on the server or remotely. At this time for the monitoring settings only by manually modifying the Listener.ora file, to make the changes effective, can only
Reload the listener configuration information again using the Lsnrctl reload command or the Lsnrctl stop/start command.
To modify the method:
Manually join the following line in the Listener.ora file
admin_restrictions_< Listener Name > = ON

The following are additional users:

Lsnrctl> change_password
Old password:
New password:
Reenter new password:
Connecting to (Address= (PROTOCOL=TCP) (HOST=ECP-UC-DB1) (port=1521))
Password changed for LISTENER
The command completed successfully
lsnrctl> set password
Password:
the command completed Successfully
Lsnrctl> save_config
Connecting to description= (address= (protocol=tcp) (HOST= ECP-UC-DB1) (port=1521))
Saved LISTENER configuration parameters.
Listener Parameter file/opt/oracle/product/10.2.0/db_1/network/admin/listener.ora
Old Parameter file/opt/oracle /product/10.2.0/db_1/network/admin/listener.bak
The command completed successfully
[ORACLE@ECP-UC-DB1 admin] $ cat Listener.ora
#--added by Tnslsnr 10-jun-2011 18:13:24-
passwords_listener = 6d7aa003392c436a
# —————————————— – Add (restart listening) on the
note:10g database
local_os_authentication_listener = off

1, add Local_os_authentication_listener = off before

Security On:password or local OS authentication

2, add Local_os_authentication_listener = Off

Security On:password
lsnrctl> status
Connecting to (description= address= (protocol=tcp) (HOST=ECP-UC-DB1) (port=1521))
Tns-01169:the Listener has not recognized the password
Lsnrctl> stop
Connecting to (description= address= (protocol=tcp) (HOST=ECP-UC-DB1) (port=1521))
Tns-01169:the Listener has not recognized the password
Lsnrctl>Set Password 123456
The command completed successfully
lsnrctl> status
Connecting to (description= address= (protocol=tcp) (HOST=ECP-UC-DB1) (port=1521))
STATUS of the LISTENER
————————
Alias LISTENER
Version Tnslsnr for Linux:version 10.2.0.4.0–production
Start Date 10-jun-2011 18:15:49
Uptime 0 days 0 hr. 1 min sec
Trace level off
Security On:password
SNMP off
Listener Parameter File/opt/oracle/product/10.2.0/db_1/network/admin/listener.ora
Listener Log File/opt/oracle/product/10.2.0/db_1/network/log/listener.log
Listening Endpoints Summary ...
(Description= (address= (protocol=tcp) (HOST=ECP-UC-DB1) (port=1521))
(Description= (address= (PROTOCOL=IPC) (KEY=EXTPROC0))
Services Summary ...
Service "Plsextproc" has 1 instance (s).
Instance "Plsextproc", Status UNKNOWN, has 1 handler (s) for the This service ...
Service "ECP" has 1 instance (s).
Instance "ECP", Status READY, has 1 handler (s) for the This service ...
Service "Ecpxdb" has 1 instance (s).
Instance "ECP", Status READY, has 1 handler (s) for the This service ...
Service "ECP_XPT" has 1 instance (s).
Instance "ECP", Status READY, has 1 handler (s) for the This service ...
The command completed successfully