Monday, January 21, 2013

How to Password Protect the Listener in 11g?


As per the Oracle documentation, the listener password feature is being deprecated from Oracle 11g Release 2 (11.2).
This does not cause a loss of security because authentication is enforced through local operating
system authentication.

If remote administration of the listener is required, then use one of the following methods to
connect to and administer the listener.

1) Connect to the host where the listener is running using SSH or another secure method.
2) Use Oracle Enterprise Manager to administer the listener.


Listener Name: prod

Log in to the listener control utility.

[oracle@canada ~]$ lsnrctl

#Select listener name.

LSNRCTL> set current_listener prod
Current Listener is prod

#Change password (press Enter for old password).

LSNRCTL> change_password
Old password: 
New password: 
Reenter new password: 
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=canada.example.com)(PORT=1521)))
Password changed for prod
The command completed successfully

#Save the configuration.

LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=canada.example.com)(PORT=1521)))
Saved prod configuration parameters.
Listener Parameter File   /u01/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
Old Parameter File   /u01/app/oracle/product/11.2.0/db_1/network/admin/listener.bak
The command completed successfully


In the listener.ora file, insert the following line.
LOCAL_OS_AUTHENTICATION_PROD=OFF

#Restart the listener.

[oracle@canada ~]$ lsnrctl

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 04-JAN-2013 11:43:43

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> set current_listener prod
Current Listener is prod

LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=canada.example.com)(PORT=1521)))
The command completed successfully

LSNRCTL> start
Starting /u01/app/oracle/product/11.2.0/db_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.1.0 - Production
System parameter file is /u01/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
Log messages written to /u01/app/oracle/diag/tnslsnr/canada/prod/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=canada.example.com)(PORT=1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=canada.example.com)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     prod
Version                   TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date                04-JAN-2013 11:43:59
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Password
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/canada/prod/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=canada.example.com)(PORT=1521)))
Services Summary...
Service "dell" has 1 instance(s).
  Instance "dell", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully

#At this stage the password has been successfully implemented.
#Stopping the listener at this stage will result in a TNS error.

LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=canada.example.com)(PORT=1521)))
TNS-01169: The listener has not recognized the password


#To stop it set the password.

LSNRCTL> set password
Password: 
The command completed successfully

LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=canada.example.com)(PORT=1521)))
The command completed successfully

LSNRCTL> start
Starting /u01/app/oracle/product/11.2.0/db_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.1.0 - Production
System parameter file is /u01/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
Log messages written to /u01/app/oracle/diag/tnslsnr/canada/prod/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=canada.example.com)(PORT=1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=canada.example.com)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     prod
Version                   TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date                04-JAN-2013 11:44:51
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Password
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/11.2.0/db_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/canada/prod/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=canada.example.com)(PORT=1521)))
Services Summary...
Service "dell" has 1 instance(s).
  Instance "dell", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
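
The following audit script is an added example, not part of the original post. It reads a listener.ora and reports how administration of a named listener is authenticated, flagging the case where LOCAL_OS_AUTHENTICATION_<listener> is OFF but no password entry was saved. The function names, the mode labels and the sample file contents are assumptions made for illustration; PASSWORDS_<listener> is the listener.ora parameter in which the saved password hash is stored.

```shell
#!/bin/sh
# Added example (not from the original post): classify how administration of a
# named listener is authenticated, from the two listener.ora parameters the
# procedure touches. Parameter names are matched case-insensitively.

# listener_auth_mode FILE LISTENER -> prints one of (labels are this script's own):
#   os-auth           default: local OS authentication only
#   password+os-auth  password saved, LOCAL_OS_AUTHENTICATION not OFF
#   password          OS authentication OFF and a password entry is saved
#   unprotected       OS authentication OFF and no password entry
listener_auth_mode() {
    awk -v name="$2" '
        BEGIN { name = toupper(name); os = "ON"; pw = 0 }
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = toupper(substr($0, 1, eq - 1))
            val = substr($0, eq + 1)
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (key == "LOCAL_OS_AUTHENTICATION_" name) os = toupper(val)
            if (key == "PASSWORDS_" name && val != "") pw = 1
        }
        END {
            if (os == "OFF") print (pw ? "password" : "unprotected")
            else             print (pw ? "password+os-auth" : "os-auth")
        }' "$1"
}

# Constructed sample file; the hash is a placeholder, not a real value.
write_sample() {   # write_sample FILE WITH_PASSWORD(yes|no)
    {
        echo 'prod = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=canada.example.com)(PORT=1521)))'
        echo '#----ADDED BY TNSLSNR (constructed)---'
        if [ "$2" = yes ]; then echo 'PASSWORDS_prod = 0000000000000000'; fi
        echo 'LOCAL_OS_AUTHENTICATION_PROD=OFF'
    } > "$1"
}

sample=$(mktemp)
write_sample "$sample" yes; echo "with password:    $(listener_auth_mode "$sample" prod)"
write_sample "$sample" no;  echo "without password: $(listener_auth_mode "$sample" prod)"
rm -f "$sample"
```

Run it against the real file after save_config and the manual edit; any result other than "password" means the steps above did not take effect as intended.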


