Searching...

Oracle Listener Security

Article #ETMD194

It is important to provide security through a password for the listener. With a
password, privileged operations, such as saving configuration changes or stopping
the listener, used from the Listener Control utility will require a password.

Use the Listener Control utility’s CHANGE_PASSWORD command or Oracle Net Manager to
set or modify an encrypted password in the PASSWORDS_listener_name parameter in the
listener.ora file. If the PASSWORDS_listener_name parameter is set to an unencrypted
password, you must manually remove it from the listener.ora file prior to modifying
it. If the unencrypted password is not removed, you will be unable to successfully
set an encrypted password.

If the PASSWORDS_listener_name parameter is set in the listener.ora file or the
CHANGE_PASSWORD command has been used to create a new, encrypted password, then the
Listener Control utility will require a SET PASSWORD command prior to any protected
command, such as STOP.

—————————————————————————————————–

Note:
If you are administering the listener remotely over an insecure network and require
maximum security, configure the listener with a secure protocol address that uses
the TCP/IP with SSL protocol. If the listener has multiple protocol addresses,
ensure that the TCP/IP with SSL protocol address is listed first in the listener.ora
file.

—————————————————————————————————–

The following shows a new password of lsnrc9i being set:

(got to a cmd prompt, type lsnrctl)

LSNRCTL> CHANGE_PASSWORD
Old password:
New password: lsnrc9i
Reenter new password: lsnrc9i
Connecting to (ADDRESS=(PROTOCOL=ipc)(KEY=iris))
Password changed for LISTENER
The command completed successfully
LSNRCTL> SAVE_CONFIG
The command completed successfully

Please note that you may have to run the set password command prior to executing the
privileged operation SAVE_CONFIG.

Example
LSNRCTL> SET PASSWORD
Password: lnrc9i
The command completed successfully

So the modified example to change the listener password would be:
LSNRCTL> CHANGE_PASSWORD
Old password:
New password: lsnrc9i
Reenter new password: lsnrc9i
Connecting to (ADDRESS=(PROTOCOL=ipc)(KEY=iris))
Password changed for LISTENER
The command completed successfully
LSNRCTL> SET PASSWORD
Password: lsnrc9i
The command completed successfully
LSNRCTL> SAVE_CONFIG
The command completed successfully

Published on January 7, 2003  |  Updated on August 19, 2021
Tagged:

Related Articles

Need Support?
Can't find the answer you're looking for? Don't worry we're here to help!
CONTACT SUPPORT