为了避免没有经过允许的用户对监听进行非法操作,我们可以对监听进行加密设置,各个版本的操作办法如下:
pre-10gR1
=======
有两种办法设置密码,分为明文和暗文:
1.Clear text Password
(i)Add PASSWORDS_<your_listener_name> entry to your existing listener.ora file.
e.g.PASSWORDS_listener1 = (p1,p2)
(ii)Stop your listener, and restart it.
Now passwords are in effect.
To administer the listener, set password command must be used.
$lsnrctl
LSNRCTL> set current_listener LISTENER
LSNRCTL> set password p1
LSNRCTL> stop
<<< Here name of the listener is LISTENER
2. Encrypted Password
(i) Comment out PASSWORD_ line if cleartext password is set.
(ii)stop & start listener.
(iii) Run lsnrctl
LSNRCTL> set current_listener <your_listener_name>
LSNRCTL> set save_config_on_stop on
LSNRCTL> change_password
Old password: <enter>
New password: <enter_your_password>
Reenter new password: <reenter_your_password>
10g~11gR1:
=======
As the "oracle" user, set and encrypt the listener password:
1) LSNRCTL> set current_listener <listener_name>
2) LSNRCTL> change_password
Old password: <enter>
New password: 10glistener (text is not echoed)
Reenter new password: 10glistener (text is not echoed)
3) LSNRCTL> save_config
4) LSNRCTL> status
To disable the "Local OS Authentication" feature follow the procedure outlined below:
1. Stop the listener.
2. Add the following parameter in the listener.ora: LOCAL_OS_AUTHENTICATION_listener_name = OFF
3. Restart the listener
11gR2:
=======
In Oracle Database 11g Release 2 (11.2), the password feature is being deprecated. This does not cause a loss of security because authentication is enforced through local operating system authentication.
When upgrading to Oracle Database 11g Release 2 (Patch Set 11.2.0.3 and later) , follow the steps below to migrate a listener that has a set password:
1. Remove all PASSWORDS_listener_name entries from the listener.ora file.
2. Reload the listener using the following command: lsnrctl reload listener_name
12cR1:
=======
In Oracle Database 12c Release 1 (12.1), the listener password feature is no longer supported. This does not cause a loss of security because authentication is enforced through local operating system authentication.
