This short paper shows how to set a password for the Oracle listener. The password can be stored either encrypted or unencrypted. Obviously I would not recommend setting clear text passwords: whilst in some cases these can be made reasonably secure, the problem is that the password is stored in clear text in a file. For completeness I will show both methods:
Setting an Oracle listener password in clear text
The listener password can be set in clear text as follows. (Note that it is possible to set more than one listener password in this way.)
Open the $ORACLE_HOME/network/admin/listener.ora file and locate the name of your listener. For instance my listener has the default name LISTENER. I can see this in the following lines:
LISTENER =
(DESCRIPTION_LIST =
It is the line starting LISTENER =. Simply add a line to this file in the following format:
PASSWORDS_{LISTENER_NAME}=somesecretpassword
i.e. in my case, if the listener is called LISTENER, then:
PASSWORDS_LISTENER=somesecretpassword
You can also set multiple passwords as follows:
PASSWORDS_LISTENER=(somesecretpassword,anothersecret)
Setting an encrypted Oracle listener password
Anyway, as I said, this is not the best way to secure your listener. It should be done with an encrypted password as follows:
C:\oracle\ora90\network\admin>lsnrctl
LSNRCTL for 32-bit Windows: Version 9.2.0.1.0 - Production on 24-FEB-2004 11:27:55
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> set current_listener listener
Current Listener is listener
LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC0)))
Password changed for listener
The command completed successfully
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC0)))
Saved LISTENER configuration parameters.
Listener Parameter File C:\oracle\ora90\network\admin\listener.ora
Old Parameter File C:\oracle\ora90\network\admin\listener.bak
The command completed successfully
LSNRCTL>
You must save the configuration after setting the password, otherwise it will be lost. You can also check what was generated by looking in the listener.ora file. This is what was generated by the above commands:
#----ADDED BY TNSLSNR 24-FEB-2004 11:29:18---
PASSWORDS_LISTENER = F0354118688257FB
#--------------------------------------------
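One way to check every listener in a listener.ora for the three states described above (no password, clear text, encrypted), as an added example that is not part of the original paper or of Oracle's tooling. The function name, host names and sample file are constructed, and the "16 hex digits means encrypted" rule is an assumption taken from the generated value shown above.

```python
import re

# Constructed sample listener.ora contents (not from a real system).
SAMPLE = """\
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1521))))
LISTENER2 =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1522)))
LISTENER3 =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1523)))
PASSWORDS_LISTENER = F0354118688257FB
PASSWORDS_LISTENER2 = (somesecretpassword,anothersecret)
"""

# Assumption: a value written by change_password/save_config is 16 hex digits,
# as in the sample above. A clear text password that happens to have that
# shape would be misreported, so treat "encrypted" as "looks encrypted".
ENCRYPTED = re.compile(r"^[0-9A-Fa-f]{16}$")
# A listener definition: NAME = (DESCRIPTION... or NAME = (ADDRESS...
LISTENER_DEF = re.compile(r"^(\w+)\s*=\s*\((?:DESCRIPTION|ADDRESS)", re.M | re.I)
# PASSWORDS_NAME = value   or   PASSWORDS_NAME = (value1,value2)
PASSWORD_LINE = re.compile(
    r"^PASSWORDS_(\w+)[ \t]*=[ \t]*\(?([^)\n#]*)\)?", re.M | re.I
)


def audit_listener_ora(text):
    """Return {listener_name: 'none' | 'cleartext' | 'encrypted'}."""
    result = {m.group(1).upper(): "none" for m in LISTENER_DEF.finditer(text)}
    for m in PASSWORD_LINE.finditer(text):
        name = m.group(1).upper()
        values = [v.strip() for v in m.group(2).split(",") if v.strip()]
        if not values:
            continue  # empty PASSWORDS_ line: no password is set
        # One clear text entry in a multi-password list is enough to flag it.
        all_enc = all(ENCRYPTED.match(v) for v in values)
        result[name] = "encrypted" if all_enc else "cleartext"
    return result


if __name__ == "__main__":
    for name, state in sorted(audit_listener_ora(SAMPLE).items()):
        print(f"{name}: {state}")
```

Listeners reported as none or cleartext are the ones to fix with change_password followed by save_config.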
Should you want to remove the listener password, do the following:
C:\oracle\ora90\network\admin>lsnrctl
LSNRCTL for 32-bit Windows: Version 9.2.0.1.0 - Production on 24-FEB-2004 11:32:05
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC0)))
The command completed successfully
LSNRCTL>
Edit the listener.ora file to remove the lines added above and restart the listener as follows:
C:\oracle\ora90\network\admin>lsnrctl
LSNRCTL for 32-bit Windows: Version 9.2.0.1.0 - Production on 24-FEB-2004 11:33:34
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> start
Starting tnslsnr: please wait...
TNSLSNR for 32-bit Windows: Version 9.2.0.1.0 - Production
System parameter file is C:\oracle\ora90\network\admin\listener.ora
Log messages written to C:\oracle\ora90\network\log\listener.log
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC0ipc)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=1521)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC0)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for 32-bit Windows: Version 9.2.0.1.0 - Production
Start Date 24-FEB-2004 11:33:38
Uptime 0 days 0 hr. 0 min. 2 sec
Trace Level off
Security OFF
SNMP OFF
Listener Parameter File C:\oracle\ora90\network\admin\listener.ora
Listener Log File C:\oracle\ora90\network\log\listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC0ipc)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "sans" has 1 instance(s).
Instance "sans", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
LSNRCTL>
That's it! You should always protect your listener with a password. This is a basic security requirement. If the listener is not password protected then it can be shut down remotely, have its configuration changed, or be used to hack your server.