 |
|
Oracle Tips by Burleson |
Encrypted listener Passwords
The other option in specifying the password of
the listener is to record the password encrypted in the parameter
file. This is done by recording the configuration changes
automatically in the parameter file as described below.
The password has to be specified on the prompt as
follows.
LSNRCTL> set
password
Password: Enter t0p53cr3t here; it will not be displayed.
The command completed successfully
LSNRCTL> stop
The other method of setting the password is
through the parameter file. In the file listener.ora, insert the
following line.
passwords_listener = t0p53cr3t
To specify passwords for other listeners, use
the name appended to the word passwords above. For example,
passwords_listener1 = t0p53cr3t
sets the password for listener1. In this
method, setting the password has to be passed in one line such as:
LSNRCTL> set password
t0p53cr3t
The method of getting a prompt and entering the
non-displayed password will not work.
However, when the password is changed in the
case where the password is explicitly mentioned in the parameter
file, the operation will never be successful.
LSNRCTL> set password manager1
The command completed successfully
LSNRCTL> set
save_config_on_stop on
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC)))
LISTENER parameter "save_config_on_stop" set to ON
The command completed successfully
LSNRCTL> set password t0p53cr3t
The command completed successfully
LSNRCTL>
The commands will instruct the listener to save
the configuration to the file after stopping the listener, as
mentioned by the command set save_config_on_stop on. This will place the following lines in the file listener.ora
#----ADDED BY TNSLSNR 05-JUL-2003 00:12:48---
SAVE_CONFIG_ON_STOP_LISTENER = ON
#--------------------------------------------
#----ADDED BY TNSLSNR 05-JUL-2003 00:13:49---
PASSWORDS_LISTENER = 8D5438362F7F2951
#--------------------------------------------
Note how the password has been recorded in the
file, but in an encrypted manner.
In this setup, where the encrypted password is
mentioned in the parameter file, setting the password is like the
case where the password is not specified in the parameter file.
How to Check If the
Password is Set
From the listener control prompt, issue the
command STATUS. If the Security setting is shown as ON, then the
password is set for the listener. This is shown below with the
relevant display indicated by a sign
E.
LSNRCTL>
status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ANANDA)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for 32-bit Windows: Version
9.2.0.1.0 -
Produc
tion
Start Date 05-JUL-2003 15:23:19
Uptime 0 days 6 hr. 24 min. 56 sec
Trace Level off
Security ON
E
SNMP OFF
Listener Parameter File
d:\ora9\network\admin\listener.ora
Listener Log File
d:\ora9\network\log\listener.log
Services Summary...
ANANDA has 1 service handler(s)
ANANDA has 2 service handler(s)
ANANDA has 2 service handler(s)
The command completed successfully
If the password is specified in the parameter
file in clear text, then the user must enter his or her password at
the LSNRCTL prompt:
LSNRCTL> set
password password
But if the password is changed through the
CHANGE_PASSWORD command, and there is no mention of password in the
parameter file, or the parameter file has an encrypted password due
to the save on stop parameter, the password has to be entered from
the prompt as follows
LSNRCTL> set password
Password: <password>
These idiosyncrasies are not well documented in
any Oracle manual and therefore should be considered while managing
listener passwords.
|
Download your Oracle scripts now:
www.oracle-script.com
The
definitive Oracle Script collection for every Oracle professional DBA
|
|
