Listener passwords
In http://www.petefinnigan.com/weblog/archives/00000639.htm Pete is worried about listeners with no passwords.
Why can't the XE install script set a password for the listener?
While I generally agree with Pete, at this time I have two reactions:
1) Look at the number of listener problems we have in the beta. Do we need the added complexity right now?
2) The password is not for accessing the listener, but for accessing the listener control facility with which you make configuration changes. It seems to be designed for protection in remote administration environments.
I have often wondered how critical the listener password is in an XE environment, when appropriate lsnrctl usage (at least in Linux) can be controlled by ACL. For example - on my system, without a password a non-DBA user would see:
pops@fuzzy:~> lsnrctl stop
LSNRCTL for Linux: Version 10.2.0.1.0 - Beta on 20-NOV-2005 07:36:33
Copyright (c) 1991, 2005, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=fuzzy)(PORT=1521)))
TNS-01190: The user is not authorized to execute the requested listener command
Similar Messages
-
Setting up Listener Password for Oracle 9.2.0.7
I am looking for information on configuration needed for "stopsap" when password is set up for the 9i listener.
Hi Inho,
When a listener password is set, you don't need a special configuration to start/stop sap.
The password is to protect the listener operation, not the connection to it.
It's started with the ora<sid> user before the sap instance starts, and stopped after it stops.
Regards,
JC Llanes. -
Setting listener password in oracle 8i
I have some very old windows databases that are 8.1.0.7. I am not able to upgrade these.
I am trying to set a password.
1. go to command line
2. lsnrctl
3. set password <password>
LSNRCTL> set password l1stener1$
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(
21)))
No changes to save for LISTENER.
The command completed successfully
LSNRCTL>
Why does it say nothing to save?
3. When I type status
I get: Security: off
How do I verify that there is a password? I can't turn the listener off. It's a production database.
When I look in my listener.ora file, it does not appear to be getting updated with a password?
Edited by: Guess2 on Sep 30, 2009 12:20 PM
First: Always test in a test environment before doing it in production.
Next: If you are very brief, you can stop and restart the listener without interrupting service.
The only people who might be affected would be someone who happened to be attempting to connect at the split second your listener is down. Otherwise, existing connections should not be impacted. But, do NOT do this in production (never, ever, ever). Got it?
Finally, if you have set the password, changed the password, and saved your configuration, you should be able to look into your listener.ora file and see the password setting. It should look something like:
#----ADDED BY TNSLSNR 30-SEP-2009 15:41:13---
PASSWORDS_LISTENER = 9BD20802761D432E
There are numerous sites discussing listener passwords.
Do a search on "lsnrctl set password"
Hope that helps...
ji li -
Listener password - good or bad idea?
Hello
We have recently been audited on one of our Oracle databases (10.2.0.4). One of the recommendations is that we apply a password to our Listener.
I’ve looked at some of the Oracle documentation & checked a few references on the web. What I’m picking up is contradictory. One site (http://andrewfraserdba.com/2007/05/24/listener-passwords-always-for-9i-never-for-10g/) explicitly says do not set a password for Listener in Oracle 10 (unless you need to) because it makes the system less secure. This is also my reading of Metalink 260986.1 (“In Oracle 10g and newer versions of the listener, the listener is secure out of the box. There should be no need to set a listener password to prohibit privileged LSNRCTL commands from being executed.”)
On the other hand the Oracle 10g security guide does explicitly say that a password should be applied (“Protect the listener with a password" p. 2-7). Though it doesn’t go into detail on this point.
Does anyone have any comment on this – I prefer not to apply a password as long as the system remains secure mainly because it’s just another thing to manage.
Any advice appreciated.
Chris
That portion of the 10g guide wasn't updated as it should have been.
You could log an SR with Oracle Support. I am sure that they will refer you to the Notes already mentioned.
The 11gR2 guide doesn't have such a statement. The 11gR2 Net Services Administrator's guide even goes on to say that a listener password is deprecated.
Hemant K Chitale -
TNS-1190 despite listener password
Hi,
we are migrating from em 11g to em 12c. Now we are getting listener error TNS-1190 "trc_directory (TNS-1190),. Please check log for details. ". As per note 1399060.1 I set listener password and changed "Monitoring Configuration" in oms but the same error still occurs.
When I execute "show trc_directory" from shell everything works fine:
oracle@orarac11g:~ $ lsnrctl
LSNRCTL for Solaris: Version 11.2.0.3.0 - Production on 03-DEC-2012 09:48:37
Copyright (c) 1991, 2011, Oracle. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> show trc_directory
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
TNS-01190: The user is not authorized to execute the requested listener command
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> show trc_directory
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
LISTENER parameter "trc_directory" set to /oraclebin/app/gridbase11.2/diag/tnslsnr/orarac11g/listener/trace
The command completed successfully
Does anybody have the same error?
Thanks in advance
Hi
I suggest first check your listener log. If you still see messages "trc_directory * 1190", you have not fixed the problem with your listener password.
If you setup the listener password properly on the server, you need then to place it in the listener config on OEM side.
Go to Listener Menu ->Target Setup -> Monitoring Configuration and place the password in "Listener Password" field. Then save the config.
And see again. If it does not help, try to reboot the agent.
Kirill Loifman, dadbm.com
Edited by: Kirill Loifman on Jan 14, 2013 1:40 AM
Edited by: Kirill Loifman on Apr 12, 2013 7:51 AM -
Hi,
I have set password for listener in 9i database (9.2.0.8).
Password is prompted during stopping the listener but not during starting the listener. Below are the steps followed to set password for the listener,
LSNRCTL>set cur LIST_TESTDB
LSNRCTL>change_password
LSNRCTL>set password
LSNRCTL>save_config
$lsnrctl stop LIST_TESTDB
TNS-01169: The listener has not recognized the password.
LSNRCTL>set cur LIST_TESTDB
LSNRCTL>stop
(the listener stops successfully)
$lsnrctl start LIST_TESTDB
(the listener gets started successfully).
How to enable the password protection during starting the listener.
Regards.
I have set password for listener in 9i database (9.2.0.8).
Password is prompted during stopping the listener but not during starting the listener. Below are the steps followed to set password for the listener,
Password is not required to start the listener even if it is set. Except for start, you need to enter/set the password for all other listener administration. -
Once you set up a password on the listener, how do you code it exactly on the listener utility to start a listener with a password? lsnrctl: start listener password
I tried above, it doesn't work. (vs. 9i)
A password isn't required to start the listener, even after setting a password. Just type lsnrctl start from the OS command line and this will start the listener. To stop the listener you will need to give the password. For example from the OS prompt:
lsnrctl
- once in the listener utility type:
set password
- you will then be prompted for a password
Password: <enter your listener password>
stop -
Setting an Oracle TNS Listener password
I'm trying to enable a TNS Listener password on a database that I am monitoring through UNIX.
I have tried set current_listener, but lsnrctl only recognizes the listener on my machine.
Do I have to find the machine (remotely or not) where the listener is configured?
Each time I try, I get TNS-01101 error : could not service name
(I have already done this successfully on my own machine, but I have to do the same for one of the databases in our firm)
Thanks.
Message was edited by:
Dan A
This error means that the service name could not be resolved by name-lookup. Verify the listener.ora is properly configured, check the name and address defined either in listener.ora or in the tnsnames.ora file.
I suggest this reference: Configuring Password Listener Authentication
~ Madrid -
Where do I specify the tns listener password in CF MX. I have added a password to the oracle TNS listener service. I need to get MX to pass this password to the oracle server. Is there a place to do this.
cfk
Here is what I was given from our security group here at USDOJ:
We are using 9i,
Server Product ColdFusion MX
Version 7,0,2,142559
Edition Enterprise
Serial Number
Operating System Windows 2003
OS Version 5.2
Description:
A Oracle TNS Listener has been detected on the host with
login security disabled (SECURITY=OFF).
Observation:
Oracle is an enterprise level database which is available on
many different platforms.
A configuration vulnerability exists within the Oracle TNS
Listener which allows remote unauthenticated access. The TNS
Listener accepts a client's request and establishes a TNS
(Transparent Network Substrate) data connection between the client
and the service. A TNS connection allows clients and servers to
communicate over a network via a common API, regardless of the
network protocol used on either end (TCP/IP, IPX, etc). A default
installation of the TNS listens on TCP port 1521.
Vulnerable Systems:
Oracle 8i
Oracle 9i
Recommendation:
It is recommended to only allow certain IP's or subnet ranges
to access the TNS listener. This can be done by adding a rule in
the firewall. We also recommend that you enable a password for the
TNS listener within Oracle -
Help on preparing shell script for setting the listener password
Hi All,
I am working on checking all my DB servers listeners and if the password is not set for the listener then I need to set the password for that.
As we have many servers, I am planning to prepare the shell script for doing this task.
I am familiar with setting up the listener password manually, but I am stuck preparing the shell script to do the same task.
Can any one kindly help me on this.
Thanks in advance,
Mahi
815537 wrote:
Could any body please help me.
Thanks,
Mahi
Patience, Grasshopper
This forum is not a chat line, and it is not paid support.
No one is responsible for monitoring it and giving a quick response.
Furthermore, it is a global forum. The person with the information you seek may very well live 20 time zones away from you and was going to bed just as you posted. He will not even see your post for several more hours.
Your original post went up in the middle of the night for half the world.
No one with the information you seek is deliberately withholding it until you sound sufficiently desperate. -
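As an added example (not part of the thread and not Oracle's code), one way to script the check asked about above: classify the Security line of saved lsnrctl status output and look for a PASSWORDS_<listener> entry in listener.ora. The function names and file names are hypothetical, and Security wordings other than the two shown on this page (off, ON: Local OS Authentication) are assumptions.

```shell
#!/bin/sh
# Added example: audit how a listener is protected, working from saved
# `lsnrctl status` output and listener.ora. All names here are hypothetical.

# Read status text on stdin; print one of:
#   off | os_auth | password | password_or_os_auth | on | unknown
# "off" and "ON: Local OS Authentication" appear on this page; the other
# wordings matched below are assumptions about lsnrctl output.
classify_listener_security() {
    awk '
        tolower($1) ~ /^security:?$/ {
            v = tolower($0)
            sub(/^[ \t]*security:?[ \t]*/, "", v)
            if      (v ~ /^off/)                       r = "off"
            else if (v ~ /password/ && v ~ /local os/) r = "password_or_os_auth"
            else if (v ~ /password/)                   r = "password"
            else if (v ~ /local os/)                   r = "os_auth"
            else if (v ~ /^on/)                        r = "on"
            exit
        }
        END { print (r == "" ? "unknown" : r) }
    '
}

# Succeed if listener.ora ($2) has a PASSWORDS_<listener> line for $1.
# Assumes listener names use only letters, digits and underscores.
has_password_entry() {
    grep -Eiq "^[[:space:]]*PASSWORDS_$1[[:space:]]*=" "$2"
}

# $1 = listener name, $2 = file holding status output, $3 = listener.ora
audit_listener() {
    al_sec=$(classify_listener_security < "$2")
    al_pw=no
    if has_password_entry "$1" "$3"; then al_pw=yes; fi
    printf '%s security=%s passwords_entry=%s\n' "$1" "$al_sec" "$al_pw"
}

# Demo on constructed samples; on a real host the first file would come
# from: lsnrctl status LISTENER > status.txt
demo_dir=$(mktemp -d)
cat > "$demo_dir/status.txt" <<'EOF'
Alias                     LISTENER
Security                  ON: Local OS Authentication
SNMP                      OFF
EOF
printf '# constructed listener.ora with no password entry\n' \
    > "$demo_dir/listener.ora"
audit_listener LISTENER "$demo_dir/status.txt" "$demo_dir/listener.ora"
rm -rf "$demo_dir"
```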
Oracle RAC listener password protection
Dear Gurus,
We have 2 node RAC setup 11gR2 and as a part of hardening we wish to set password for listener.
Can some one please guide how can we set password on listener that registered with CRS. What would be the impact if any?
Also, there are two things with which should be noted.
1) We are not using SCAN feature.
2) Listener created should be owned by oracle user but all listener are getting started by Grid.
Node 1 -
ps -ef | grep -i tns
root 125 2 0 Oct30 ? 00:00:00 [netns]
ora11g 35141 73510 0 12:50 pts/0 00:00:00 grep -i tns
grid 41763 1 0 Nov04 ? 00:00:05 /u01/app/11.2.0/grid/bin/tnslsnr LISTENER -inherit
grid 49634 1 0 Nov04 ? 00:00:05 /u01/app/ora11g/product/11.2.0/db_1/bin/tnslsnr LISTENER_REMCORP1 -inherit
Node 2 -
ps -ef | grep -i tns
root 125 2 0 Oct30 ? 00:00:00 [netns]
ora11g 33783 33742 0 12:50 pts/1 00:00:00 grep -i tns
grid 49817 1 0 Nov04 ? 00:00:05 /u01/app/11.2.0/grid/bin/tnslsnr LISTENER -inherit
grid 56446 1 0 Nov04 ? 00:00:05 /u01/app/ora11g/product/11.2.0/db_1/bin/tnslsnr LISTENER_REMCORP2 -inherit
Regards,
Nikhil Mehta.
Edited by: 905267 on Nov 6, 2012 1:13 AM
Thanks for your reply Vlethakula.
When firing command from GRID/ASM home, it says service not available whereas status is available from oracle home. While stopping listener from oracle home it gives TNS-01190 error.
remedy-ebu-db1*+ASM1:/home/grid>lsnrctl
LSNRCTL for Linux: Version 11.2.0.3.0 - Production on 06-NOV-2012 18:20:00
Copyright (c) 1991, 2011, Oracle. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> set current_listener LISTENER_REMCORP1
Current Listener is LISTENER_REMCORP1
LSNRCTL> stop LISTENER_REMCORP1
TNS-01101: Could not find service name
LSNRCTL> stop LISTENER_REMCORP1
TNS-01101: Could not find service name
LSNRCTL> status
TNS-01101: Could not find service name
LSNRCTL> exit
remedy-ebu-db1*+ASM1:/home/grid>su - ora11
su: user ora11 does not exist
remedy-ebu-db1*+ASM1:/home/grid>su - ora11g
Password:
remedy-ebu-db1*REMCORP1:/home/ora11g>lsnrctl
LSNRCTL for Linux: Version 11.2.0.3.0 - Production on 07-NOV-2012 09:18:52
Copyright (c) 1991, 2011, Oracle. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> set current_listener LISTENER_REMCORP1
Current Listener is LISTENER_REMCORP1
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=remedy-vip-ebu-db1)(PORT=1526)(IP=FIRST)))
STATUS of the LISTENER
Alias LISTENER_REMCORP1
Version TNSLSNR for Linux: Version 11.2.0.3.0 - Production
Start Date 04-NOV-2012 14:56:49
Uptime 2 days 18 hr. 22 min. 17 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/ora11g/product/11.2.0/db_1/network/admin/listener.ora
Listener Log File /u01/app/ora11g/product/11.2.0/db_1/log/diag/tnslsnr/remedy-ebu-db1/listener_remcorp1/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=121.244.255.54)(PORT=1526)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=121.244.255.50)(PORT=1526)))
Services Summary...
Service "REMCORP" has 2 instance(s).
Instance "REMCORP1", status READY, has 1 handler(s) for this service...
Instance "REMCORP2", status READY, has 1 handler(s) for this service...
Service "REMCORPXDB" has 2 instance(s).
Instance "REMCORP1", status READY, has 1 handler(s) for this service...
Instance "REMCORP2", status READY, has 1 handler(s) for this service...
The command completed successfully
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=remedy-vip-ebu-db1)(PORT=1526)(IP=FIRST)))
TNS-01190: The user is not authorized to execute the requested listener command
LSNRCTL>
Regards,
Nikhil Mehta. -
Hi Guys,
We have 2 node RAC setup oracle 10g(10.2.0.4) and we wish to set password on listener which registered with CRS.
Can some one please guide how can we set password on listener that's registered with CRS.
What would be the impact if any....
Help is appreciated.
Regards,
Milan
http://docs.oracle.com/cd/B19306_01/network.102/b14213/lsnrctl.htm#CIHEFEDH
just fyi,from 10g by default we have
lsnrctl status
Alias LISTENER
Version TNSLSNR for Solaris: Version 11.2.0.3.0 - Production
Start Date 29-MAR-2012 12:11:31
Uptime 5 days 0 hr. 46 min. 19 sec
Trace Level off
Security ON: Local OS Authentication <<--------------see this
SNMP OFF -
Listener.ora password problems
After a recent IT audit we've been told to set up a listener password for our Oracle 9R2 database on VMS. I tried but got a few error messages when entering the save_config command e.g
TNS-12570
TNS-12560
TNS-00530
It turns out that we use something called host naming to connect to our database, meaning that although we have a listener.ora file it is empty (or contains only a blank line.) I suspect this is why the password saving is not working. Can anyone shed any light on how to resolve this.
Try using the netmgr to resolve the issues, this will allow you to configure the listener file via a GUI and set the password.
-
Lsnrctl status , the listener has not recognized the password
lsnrctl status
the listener has not recognized the password
what the command to give the listener password, I know its password...
C:\>lsnrctl
LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 08-FEB-2008 21:28:33
Copyright (c) 1991, 2005, Oracle. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> help set
The following operations are available after set
An asterisk (*) denotes a modifier or extended command:
password rawmode
displaymode trc_file
trc_directory trc_level
log_file log_directory
log_status current_listener
inbound_connect_timeout startup_waittime
save_config_on_stop
LSNRCTL>
LSNRCTL> set password test
The command completed successfully
LSNRCTL> -
How to disable Listener Pwd in Oracle?
Hello,
Can someone help me with the command to disable and enable listener password? This Step is required during HA test. Any help will be appreciated with points.
Thanks.
Dear learner,
To Enable:
Execute commands from lsnrctl utility
1.set current_listener <your_listener_name>
2.set save_config_on_stop on
3.change_password ( first time old password nothing press enter)
4.stop listener
5.set password ( enter password )
6.stop
7.start
To Disable:
1.Remove save_config and password entry from listener.ora
2.stop and start listener
Regards
Vinod