Oracle Consulting Oracle Training Oracle Support Development
Home
Catalog
Oracle Books
SQL Server Books
IT Books
Job Interview Books
eBooks
Rampant Horse Books
911 Series
Pedagogue Books

Oracle Software
image
Write for Rampant
Publish with Rampant
Rampant News
Rampant Authors
Rampant Staff
 Phone
 800-766-1884
Oracle News
Oracle Forum
Oracle Tips
Articles by our Authors
Press Releases
SQL Server Books
image
image

Oracle 11g Books

Oracle tuning

Oracle training

Oracle support

Remote Oracle

STATSPACK Viewer

Privacy Policy

 

   
 

Oracle Tips by Burleson

Encrypted listener Passwords

The other option in specifying the password of the listener is to record the password encrypted in the parameter file. This is done by recording the configuration changes automatically in the parameter file as described below.

The password has to be specified on the prompt as follows.

LSNRCTL> set password
Password: Enter t0p53cr3t here; it will not be displayed.
The command completed successfully
LSNRCTL> stop

The other method of setting the password is through the parameter file. In the file listener.ora, insert the following line.

passwords_listener = t0p53cr3t

To specify passwords for other listeners, use the name appended to the word passwords above. For example,

passwords_listener1 = t0p53cr3t

sets the password for listener1. In this method, setting the password has to be passed in one line such as:

LSNRCTL> set password t0p53cr3t

The method of getting a prompt and entering the non-displayed password will not work.

However, when the password is changed in the case where the password is explicitly mentioned in the parameter file, the operation will never be successful.

LSNRCTL> set password manager1
The command completed successfully

LSNRCTL> set save_config_on_stop on
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC)))
LISTENER parameter "save_config_on_stop" set to ON
The command completed successfully
LSNRCTL> set password t0p53cr3t
The command completed successfully
LSNRCTL>

The commands will instruct the listener to save the configuration to the file after stopping the listener, as mentioned by the command set save_config_on_stop on. This will place the following lines in the file listener.ora

#----ADDED BY TNSLSNR 05-JUL-2003 00:12:48---
SAVE_CONFIG_ON_STOP_LISTENER = ON
#--------------------------------------------

#----ADDED BY TNSLSNR 05-JUL-2003 00:13:49---
PASSWORDS_LISTENER = 8D5438362F7F2951
#--------------------------------------------

Note how the password has been recorded in the file, but in an encrypted manner.

In this setup, where the encrypted password is mentioned in the parameter file, setting the password is like the case where the password is not specified in the parameter file.

How to Check If the Password is Set

From the listener control prompt, issue the command STATUS. If the Security setting is shown as ON, then the password is set for the listener. This is shown below with the relevant display indicated by a sign E.

LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ANANDA)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for 32-bit Windows: Version 9.2.0.1.0 -
Produc
tion
Start Date                05-JUL-2003 15:23:19
Uptime                    0 days 6 hr. 24 min. 56 sec
Trace Level               off
Security                  ON
E
SNMP                      OFF
Listener Parameter File   d:\ora9\network\admin\listener.ora
Listener Log File         d:\ora9\network\log\listener.log
Services Summary...
  ANANDA                has 1 service handler(s)
  ANANDA                has 2 service handler(s)
  ANANDA                has 2 service handler(s)
The command completed successfully

If the password is specified in the parameter file in clear text, then the user must enter his or her password at the LSNRCTL prompt:

LSNRCTL> set password password

But if the password is changed through the CHANGE_PASSWORD command, and there is no mention of password in the parameter file, or the parameter file has an encrypted password due to the save on stop parameter, the password has to be entered from the prompt as follows

LSNRCTL> set password
Password: <password>

These idiosyncrasies are not well documented in any Oracle manual and therefore should be considered while managing listener passwords.



 


Download your Oracle scripts now:

www.oracle-script.com

The definitive Oracle Script collection for every Oracle professional DBA

 

Linux Oracle commands syntax poster

ION Oracle tuning software

Oracle data dictionary reference poster



Oracle Forum

BC Oracle consulting support training

BC remote Oracle DBA   

 

   

 Copyright © 1996 -2016 by Burleson. All rights reserved.


Oracle® is the registered trademark of Oracle Corporation. SQL Server® is the registered trademark of Microsoft Corporation. 
Many of the designations used by computer vendors to distinguish their products are claimed as Trademarks