Setting the Password
Setting
a password for listener is the least security you should maintain for
it. By default, it doesn't have any password and many DBAs simply do not
create one. Part of the reason is the perceived complexity in
specifying and using a password. This lesson hopefully will repel that
myth.
If
a password is set for the listener, you will need to supply a correct
password for any command other than START, STATUS and HELP. When the
listener is first created, there is no password. The password is set by
the command from LSNRCTL prompt:
LSNRCTL> change_password
This
will prompt for the old and new passwords; and when entered, they are
not displayed on the screen. When the listener is initially created, the
password is not set, or null. So, just press the return key when
prompted for the old password.
Once
the passwords are changed, you have to supply the password before doing
any administrative work such as changing a parameter or stopping the
listener. The password is set by the command SET PASSWORD
<password>. For instance, to stop the listener, you would use the
following commands in LSNRCTL utility, assuming the password is
t0p53r3t:
LSNRCTL> set password
Password: Enter <password> here; it will not be displayed.
The command completed successfully
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=PROLIGENCE1)(PORT=1521)))
The command completed successfully
LSNRCTL>
LSNRCTL> set password g3#@657
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC)))
TNS-01169: The listener has not recognized the password
LSNRCTL>
The password has to be specified on the prompt as follows:
LSNRCTL> set password
Password: Enter g3#@657 here; it will not be displayed.
The command completed successfully
LSNRCTL> stop
The other method of setting the password is through the parameter file. In the file listener.ora, place the following line:
passwords_listener = g3#@657
To specify passwords for other listeners, use the name appended to the word passwords above, for example
passwords_listener1 = g3#@657
sets the password for listener1. This method of setting the password has to be passed in one line such as:
LSNRCTL> set password g3#@657
The other method of getting a prompt and entering the non-displayed password will not work.
However,
when the password is changed in the case when the password is
explicitly mentioned in the parameter file, the operation will never be
successful.
LSNRCTL> set password manager1
The command completed successfully
LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=DBDEV1)(PORT=1526)))
TNS-01169: The listener has not recognized the password
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=DBDEV1)(PORT=1526)))
TNS-01169: The listener has not recognized the password
LSNRCTL>
Regardless
of how you enter the password, through a single line or on the prompt,
the change will not be successful. To change the password, you have to
remove the line passwords_listener in the file listener.ora and then
change the password.
Encrypted Passwords
The
other option in specifying the password of the listener is to record
the password encrypted in the parameter file. This is done by recording
the configuration changes automatically in the parameter file as
described below:
LSNRCTL> set save_config_on_stop on
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC)))
LISTENER parameter "save_config_on_stop" set to ON
The command completed successfully
LSNRCTL> set password g3#@657
The command completed successfully
How to Check If the Password is Set
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ANANDA)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for 32-bit Windows: Version 9.2.0.1.0 - Production
Start Date 05-JUL-2003 15:23:19
Uptime 0 days 6 hr. 24 min. 56 sec
Trace Level off
Security ON
SNMP OFF
Listener Parameter File oracle_home\network\admin\listener.ora
Listener Log File oracle_home\network\log\listener.log
Services Summary...
DBCEO has 1 service handler(s)
DBCEO has 2 service handler(s)
DBCEO has 2 service handler(s)
The command completed successfully
LSNRCTL>