文档地址:http://docs.oracle.com/cd/B19306_01/network.102/b14212/listenercfg.htm#i490255
Configuring Password Authentication for the Listener
Note:
If you are administering the listener remotely over an insecurenetwork and require maximum security, configure the listener with asecure protocol address that uses the TCP/IP with SSL protocol. If the listener hasmultiple protocol addresses, ensure that the TCP/IP with SSLprotocol address is listed first in thelistener.ora
file.
It is important to provide security through a passwordfor the listener. With a password, privileged operations, such assaving configuration changes or stopping the listener, used fromthe Listener Control utility will require a password.
--为监听器提供一个密码设置是非常重要的。使用密码,可以验证有权限的操作,例如保存改变的配置或者终止监听器,可以使用监听器工具来修改需要的一个密码。
Use the Listener Control utility's CHANGE_PASSWORD
command or OracleEnterprise Manager to set or modify an encrypted password in thePASSWORDS_
listener_name
parameter in the listener.ora
file. If thePASSWORDS_
listener_name
parameter is setto an unencrypted password, you must manually remove it from thelistener.ora
file prior to modifying it. If theunencrypted password is not removed, you will be unable tosuccessfully set an encrypted password.
To set or modify an encrypted password with Oracle EnterpriseManager:
-
Access the Net Services Administration page in Oracle EnterpriseManager.
See Also:
"OracleEnterprise Manager" -
Select Listeners from the Administerlist, and then select the Oracle home that contains the location ofthe configuration files.
-
Click Go.
The Listeners page appears.
-
Select a listener, and then click Edit.
The Edit Listeners page appears.
-
Click the Authentication tab.
-
Click Require a password for listeneroperations.
-
Click OK.
Note:
You can also configure static service information with Oracle NetManager. See topic Configure Password Authentication for theListener in the online Help for further instruction.
To set a new encrypted password with theCHANGE_PASSWORD
command, issue the following commandsfrom the Listener Control utility:
LSNRCTL> CHANGE_PASSWORD Old password: New password: takd01 Reenter new password: takd01 Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=tpc)(HOST=sales-server)(PORT=1521))) Password changed for LISTENER The command completed successfully
LSNRCTL> SAVE_CONFIG
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=sales-server)(PORT=1521)))
Saved LISTENER configuration parameters.
Listener Parameter File /oracle/network/admin/listener.ora
Old Parameter File /oracle/network/admin/listener.bak
The command completed successfully
Bold denotes user input. The password is not displayed when entered. To modify an encrypted password with the CHANGE_PASSWORD
command:
LSNRCTL> SET PASSWORD
Password: takd01
The command completed successfully
LSNRCTL> CHANGE_PASSWORD
Old password: takd01
New password: smd01
Reenter new password: smd01
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=tpc)(HOST=sales-server)(PORT=1521)))
Password changed for LISTENER
The command completed successfully
LSNRCTL> SAVE_CONFIG
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=sales-server)(PORT=1521)))
Saved LISTENER configuration parameters.
Listener Parameter File /oracle/network/admin/listener.ora
Old Parameter File /oracle/network/admin/listener.bak
The command completed successfully
而SET PASSWORD 的作用是 密码验证用的,如你设置好了密码后,如果要停止监听,则需要先用SET PASSWORD 输入正确的密码。 如果为listener 设置了口令,那么在lsnrctl 中执行stop,save_config(第一次保存设置的时候,是不需要set password的,因为在没设置密码前,密码为空的。当第一次密码设置成功后,密码功能启用了,执行此命令,需要set password来录入现在的密码才能保存设置,否则返回错误信息)命令操作不论是local 还是remote listener 时都需要通过set password 来输入口令,只有口令正确才能执行上述命令。