监听也可以设置密码,目的是为了增强安全性。
[oracle@db1 ~]$ more /u01/app/oracle/network/admin/listener.ora# listener.ora Network Configuration File: /u01/app/oracle/network/admin/listener.ora
# Generated by Oracle configuration tools.
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = db1)(PORT = 1521))
)
)
ADR_BASE_LISTENER = /u01
LOCAL_OS_AUTHENTICATION_LISTENER = OFF
#----ADDED BY TNSLSNR 29-SEP-2015 14:44:17---
PASSWORDS_LISTENER = 6D7AA003392C436A
#--------------------------------------------
[oracle@db1 ~]$
蓝色部分是由如下方式生成的:
LSNRCTL> help
The following operations are available
An asterisk (*) denotes a modifier or extended command:
start stop status
services version reload
save_config trace spawn
change_password quit exit
set* show*
LSNRCTL> change_password
Old password: <没有密码的话,就直接回车>
New password: <我设置的123456>
Reenter new password: <123456>
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db1)(PORT=1521)))
Password changed for LISTENER
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db1)(PORT=1521)))
Saved LISTENER configuration parameters.
Listener Parameter File /u01/app/oracle/network/admin/listener.ora
Old Parameter File /u01/app/oracle/network/admin/listener.bak
The command completed successfully
LSNRCTL>
如此之后,监听的停止和更改配置,都要验证了密码之后才能继续:
[oracle@db1 ~]$ ps -ef | grep tns
root 25 2 0 14:36 ? 00:00:00 [netns]
oracle 1486 1 0 14:58 ? 00:00:00 /u01/app/oracle/bin/tnslsnr LISTENER -inherit
oracle 1511 1456 1 15:07 pts/1 00:00:00 grep tns
[oracle@db1 ~]$ lsnrctl
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 29-SEP-2015 15:07:54
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> stop LISTENER
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db1)(PORT=1521)))
TNS-01169: The listener has not recognized the password
LSNRCTL> set password
Password: <123456>
The command completed successfully
LSNRCTL> stop LISTENER
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db1)(PORT=1521)))
The command completed successfully
LSNRCTL> exit
[oracle@db1 ~]$ ps -ef | grep tns
root 25 2 0 14:36 ? 00:00:00 [netns]
oracle 1514 1456 0 15:09 pts/1 00:00:00 grep tns
[oracle@db1 ~]$
验证通过后,成功停止。
LOCAL_OS_AUTHENTICATION_LISTENER = OFF,意思是默认值为ON,表示如果当前OS用户为启动监听器的用户,那么不会认证监听器密码。
仅此记录一下,今天迁移测试库遇到的。