为监听器设置口令权限---Configuring Password Authentication for the Listener

文档地址：http://docs.oracle.com/cd/B19306_01/network.102/b14212/listenercfg.htm#i490255

 

Configuring Password Authentication for the Listener

Note:

If you are administering the listener remotely over an insecurenetwork and require maximum security, configure the listener with asecure protocol address that uses theTCP/IP with SSL protocol. If the listener hasmultiple protocol addresses, ensure that the TCP/IP with SSLprotocol address is listed first in thelistener.orafile.

 

It is important to provide security through a passwordfor the listener. With a password, privileged operations, such assaving configuration changes or stopping the listener, used fromthe Listener Control utility will require a password.

--为监听器提供一个密码设置是非常重要的。使用密码，可以验证有权限的操作，例如保存改变的配置或者终止监听器，可以使用监听器工具来修改需要的一个密码。

 

Use the Listener Control utility's CHANGE_PASSWORD command or OracleEnterprise Manager to set or modify an encrypted password in thePASSWORDS_listener_nameparameter in the listener.ora file. If thePASSWORDS_listener_name parameter is setto an unencrypted password, you must manually remove it from thelistener.ora file prior to modifying it. If theunencrypted password is not removed, you will be unable tosuccessfully set an encrypted password.

To set or modify an encrypted password with Oracle EnterpriseManager:

1. Access the Net Services Administration page in Oracle EnterpriseManager.

   See Also:

   "OracleEnterprise Manager"

2. Select Listeners from the Administerlist, and then select the Oracle home that contains the location ofthe configuration files.

3. Click Go.

   The Listeners page appears.

4. Select a listener, and then click Edit.

   The Edit Listeners page appears.

5. Click the Authentication tab.

6. Click Require a password for listeneroperations.

7. Click OK.

   Note:

   You can also configure static service information with Oracle NetManager. See topicConfigure Password Authentication for theListener in the online Help for further instruction.

To set a new encrypted password with theCHANGE_PASSWORD command, issue the following commandsfrom the Listener Control utility:

LSNRCTL> CHANGE_PASSWORDOld password: New password: takd01Reenter new password: takd01Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=tpc)(HOST=sales-server)(PORT=1521)))Password changed for LISTENERThe command completed successfully

LSNRCTL> SAVE_CONFIGConnecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=sales-server)(PORT=1521)))Saved LISTENER configuration parameters.Listener Parameter File   /oracle/network/admin/listener.oraOld Parameter File   /oracle/network/admin/listener.bakThe command completed successfully

 Bold denotes user input. The password is not displayed when entered.To modify an encrypted password with the CHANGE_PASSWORD command:

LSNRCTL> SET PASSWORDPassword: takd01The command completed successfullyLSNRCTL> CHANGE_PASSWORDOld password: takd01New password: smd01Reenter new password: smd01Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=tpc)(HOST=sales-server)(PORT=1521)))Password changed for LISTENERThe command completed successfullyLSNRCTL> SAVE_CONFIGConnecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=sales-server)(PORT=1521)))Saved LISTENER configuration parameters.Listener Parameter File   /oracle/network/admin/listener.oraOld Parameter File   /oracle/network/admin/listener.bakThe command completed successfully

而SET PASSWORD 的作用是密码验证用的，如你设置好了密码后，如果要停止监听，则需要先用SET PASSWORD输入正确的密码。如果为listener 设置了口令，那么在lsnrctl 中执行stop，save_config(第一次保存设置的时候，是不需要set password的，因为在没设置密码前，密码为空的。当第一次密码设置成功后，密码功能启用了，执行此命令，需要set password来录入现在的密码才能保存设置，否则返回错误信息)命令操作不论是local 还是remote listener 时都需要通过setpassword 来输入口令，只有口令正确才能执行上述命令。