Note: All the posts are based on practical approach avoiding lengthy theory. All have been tested on some development servers. Please don’t test any post on production servers until you are sure.

Sunday, December 19, 2010

Password protected listener

Listener Intro:
The Oracle Database Listener is the database server software component that manages the network traffic between the Oracle Database and the client. The Oracle Database Listener listens on a specific network port (default 1521) and forwards network connections to the Database.
The Listener is comprised of two binaries: (1) tnslsnr which is the Listener itself and (2) the Listener Control Utility (lsnrctl) which is used to administer the Listener on the server or remotely.

LISTENER MODES
Database      Provides network access to an Oracle database instance
PLSExtProc    Method for PL/SQL packages to access operating system executables
Executable    Provides network access to operating system executables
The "Database" mode is the most widely used mode and is the standard mode used by every database for connectivity. "PLSExtProc" allows PL/SQL database packages to access external programs and is configured by default for many instances. "Executable" mode allows an external program to be defined and accessed through a TNS connection. There is little documentation on this mode, and it is used almost exclusively by Oracle products such as the Oracle E-Business Suite and Oracle Collaboration Suite.

Protect
In Oracle 10g and newer versions of the listener, the listener is secure out of the box. There should be no need to set a listener password to prohibit privileged LSNRCTL commands from being executed.
But if you want to manage the listener remotely, you can apply the following configuration.

C:\Documents and Settings\inam>lsnrctl

LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 19-DEC-2010 12:36:20

Copyright (c) 1991, 2005, Oracle.  All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> set current_listener lsnrfradb
Current Listener is lsnrfradb
LSNRCTL>

LSNRCTL> set password oracle
The command completed successfully

LSNRCTL> stop
Connecting to (ADDRESS=(PROTOCOL=TCP)(HOST=or1.domain)(PORT=1621))
The command completed successfully

1- Clear text Password

###############LISTENER.ORA##########################
LSNRFRADB =
   (ADDRESS_LIST =
     (ADDRESS = (PROTOCOL = TCP)(HOST = or1.domain)(PORT = 1621))
     
   )

SID_LIST_LSNRFRADB =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = D:\oracle\product\10.2.0\db_1)
      (PROGRAM = extproc)
    )
    (SID_DESC =
      (SID_NAME = FRADB)
      (ORACLE_HOME = D:\oracle\product\10.2.0\db_1)
    )
  )

# There must not be any space before PASSWORDS_LSNRFRADB
PASSWORDS_LSNRFRADB = (oracle)

####################################################

2- Encrypted Password

(i) Comment out the PASSWORDS_ line if a cleartext password is set.
(ii) Stop and start the listener.
(iii) Run lsnrctl

LSNRCTL> set current_listener lsnrfradb
Current Listener is lsnrfradb
LSNRCTL> set save_config_on_stop on
Connecting to (ADDRESS=(PROTOCOL=TCP)(HOST=or1.domain)(PORT=1621))
lsnrfradb parameter "save_config_on_stop" set to ON
The command completed successfully

LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (ADDRESS=(PROTOCOL=TCP)(HOST=or1)(PORT=1621))
Password changed for lsnrfradb
The command completed successfully

Just press the Enter key for the old password, since no previous password is set. The passwords you enter will not be echoed.


(iv) Stop the listener

LSNRCTL> set password
Password:
The command completed successfully


(v) Check your listener.ora file
Entries similar to the following should have been added to your listener.ora automatically.

#----ADDED BY TNSLSNR 19-DEC-2010 12:52:16---
PASSWORDS_lsnrfradb = 1DF5C2FD0FE9CFA2
SAVE_CONFIG_ON_STOP_lsnrfradb = ON
#-------------------------------------------
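
An added example (not part of the original post): a small Python audit of listener.ora that reports every PASSWORDS_ entry, including a cleartext value left behind in a commented-out line after step (i) and an entry that starts with a space. The sample file is constructed from the snippets in this post; the LSNRTEST entry and the 16-hex-digit test for the encrypted form are assumptions.

```python
import re

# Assumption: the encrypted form looks like the post's sample (16 hex digits).
HASH_RE = re.compile(r"^[0-9A-Fa-f]{16}$")
ENTRY_RE = re.compile(r"^(\s*)(#*)\s*PASSWORDS_(\w+)\s*=\s*(.*)$", re.IGNORECASE)

# Constructed sample built from the snippets in this post; LSNRTEST is hypothetical.
SAMPLE_LISTENER_ORA = """\
LSNRFRADB =
   (ADDRESS_LIST =
     (ADDRESS = (PROTOCOL = TCP)(HOST = or1.domain)(PORT = 1621))
   )
#PASSWORDS_LSNRFRADB= (oracle)
#----ADDED BY TNSLSNR 19-DEC-2010 12:52:16---
PASSWORDS_lsnrfradb = 1DF5C2FD0FE9CFA2
SAVE_CONFIG_ON_STOP_lsnrfradb = ON
#-------------------------------------------
""" + " PASSWORDS_LSNRTEST = (changeme)\n"  # the leading space is deliberate


def audit_listener_ora(text):
    """Return (line_no, listener, status, kind) for every PASSWORDS_ entry."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        indent, comment, listener, value = m.groups()
        # Drop a trailing comment and the optional parentheses around the value.
        value = value.split("#", 1)[0].strip().strip("()").strip()
        if comment:
            status = "commented"   # inactive, but the value is still readable
        elif indent:
            status = "indented"    # read as a continuation of the previous line
        else:
            status = "active"
        kind = "encrypted" if HASH_RE.match(value) else "cleartext"
        findings.append((line_no, listener.upper(), status, kind))
    return findings


def cleartext_exposures(text):
    """Entries whose value is a readable password, whether active or not."""
    return [f for f in audit_listener_ora(text) if f[3] == "cleartext"]


if __name__ == "__main__":
    for line_no, listener, status, kind in audit_listener_ora(SAMPLE_LISTENER_ORA):
        print(f"line {line_no}: {listener:<10} {status:<9} {kind}")
```

The commented-out cleartext line is reported because step (i) leaves the old password readable in the file; delete that line once the encrypted entry is in place.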


Test from another node
My Node: 192.168.2.81
C:\Documents and Settings\inam>lsnrctl

LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 19-DEC-2010 13:05:47

Copyright (c) 1991, 2005, Oracle.  All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> set current_listener 10.10.2.46:1621
Current Listener is 10.10.2.46:1621
LSNRCTL> status
Connecting to (DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=10.10.2.46))(ADDRESS=(PROTOCOL=TCP)(HOST=10.10.2.46)(PORT=1621)))

TNS-01169: The listener has not recognized the password
 TNS-01189: The listener could not authenticate the user
LSNRCTL> set current_listener 10.10.2.46:1621
Current Listener is 10.10.2.46:1621
LSNRCTL> set password oracle
The command completed successfully
LSNRCTL> status
Connecting to (DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=10.10.2.46))(ADDRESS=(PROTOCOL=TCP)(HOST=10.10.2.46)(PORT=1621)))

STATUS of the LISTENER
------------------------
Alias                     lsnrfradb
Version                   TNSLSNR for 32-bit Windows: Version 10.2.0.1.0 - Production
Start Date                19-DEC-2010 13:01:36
Uptime                    0 days 0 hr. 4 min. 44 sec
Trace Level               off
Security                  ON: Password or Local OS Authentication
SNMP                      OFF
Listener Parameter File   D:\oracle\product\10.2.0\db_1\network\admin\listener.ora
Listener Log File         D:\oracle\product\10.2.0\db_1\network\log\lsnrfradb.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=or1.domain)(PORT=1621)))
Services Summary...
Service "FRADB" has 2 instance(s).
  Instance "FRADB", status UNKNOWN, has 1 handler(s) for this service...
  Instance "fradb", status READY, has 1 handler(s) for this service...
Service "FRADB_XPT" has 1 instance(s).
  Instance "fradb", status READY, has 1 handler(s) for this service...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
LSNRCTL>



LSNRCTL> stop
Connecting to (DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=10.10.2.46))(ADDRESS=(PROTOCOL=TCP)(HOST=10.10.2.46)(PORT=1621)))

The command completed successfully
LSNRCTL> status
Connecting to (DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=10.10.2.46))(ADDRESS=(PROTOCOL=TCP)(HOST=10.10.2.46)(PORT=1621)))

TNS-12541: TNS:no listener
 TNS-12560: TNS:protocol adapter error
  TNS-00511: No listener
   32-bit Windows Error: 61: Unknown error

  
Ref: 92602.1

 
