Earlier databases like 9i should set password for listeners, otherwise, they could be accidentally stopped by someone unknown.
Here in this post, I will introduce the following things:
- Set password on a listener
- Start and stop a password-protected listener
- Remove password from a listener
A. Set Listener Password
1. Enter LSNRCTL Interactive Mode
We are about to set the password in LSNRCTL.
[oracle@oracle9i ~]$ lsnrctl
LSNRCTL for Linux: Version 9.2.0.8.0 - Production on 21-SEP-2010 19:18:52
Copyright (c) 1991, 2006, Oracle Corporation. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
2. Set Current Listener
If the listener that you want to set is the default one, i.e. LISTENER, then you can skip the step. Otherwise, please let LSNRCTL know what listener that you want to operate with. In this case, we'd like to operate LISTENER2.
LSNRCTL> set cur listener2
Current Listener is listener2
In which,
3. Start Up the Listener
We need an instance of the listener in order to set a password. If the target listener is already up, then you can skip this step.
LSNRCTL> start
Starting /u01/app/oracle/product/9.2.0/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 9.2.0.8.0 - Production
System parameter file is /u01/app/oracle/product/9.2.0/network/admin/listener.ora
Log messages written to /u01/app/oracle/product/9.2.0/network/log/listener2.log
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle9i.example.com)(PORT=1522)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC)))
STATUS of the LISTENER
------------------------
Alias listener2
Version TNSLSNR for Linux: Version 9.2.0.8.0 - Production
Start Date 21-SEP-2010 19:19:00
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security OFF
SNMP OFF
Listener Parameter File /u01/app/oracle/product/9.2.0/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/9.2.0/network/log/listener2.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle9i.example.com)(PORT=1522)))
The listener supports no services
The command completed successfully
4. Set / Change Password
Setting or Changing the password is basically the same thing, the only difference is that, you don't have to input anything in Old password field if there's no password on the listener.
LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC)))
Password changed for listener2
The command completed successfully
5. Save Password
Currently, the password is only saved in memory. If you exit the interactive mode now, then you abandon to set the password. I know it's a little weird, but you have to save the password.
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC)))
Saved listener2 configuration parameters.
Listener Parameter File /u01/app/oracle/product/9.2.0/network/admin/listener.ora
Old Parameter File /u01/app/oracle/product/9.2.0/network/admin/listener.bak
The command completed successfully
LSNRCTL> exit
set password does not mean that you want to set or change the password, it means that you want to operate with an already password-protected listener. save_config is the main command in this step.
6. Check the Result
Let's see our result.
[oracle@oracle9i ~]$ cat $ORACLE_HOME/network/admin/listener.ora
...
#----ADDED BY TNSLSNR 21-SEP-2010 19:19:34---
PASSWORDS_listener2 = C9DDB2D0622D43DD
#--------------------------------------------
The password is encrypted.
B. Start / Stop Password-protected Listener
From now on, it will be a little inconvenient to start and stop the listener. If you don't provide any password before action, it will alert you TNS-01169: The listener has not recognized the password.
1. Start Listener
[oracle@oracle9i ~]$ lsnrctl
...
LSNRCTL> set cur listener2
Current Listener is listener2
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> start
Starting /u01/app/oracle/product/9.2.0/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 9.2.0.8.0 - Production
System parameter file is /u01/app/oracle/product/9.2.0/network/admin/listener.ora
Log messages written to /u01/app/oracle/product/9.2.0/network/log/listener2.log
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle9i.example.com)(PORT=1522)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC)))
STATUS of the LISTENER
------------------------
Alias listener2
Version TNSLSNR for Linux: Version 9.2.0.8.0 - Production
Start Date 21-SEP-2020 14:49:48
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON
SNMP OFF
Listener Parameter File /u01/app/oracle/product/9.2.0/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/9.2.0/network/log/listener2.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle9i.example.com)(PORT=1522)))
The listener supports no services
The command completed successfully
2. Stop Listener
Stop or show status is the same as start.
[oracle@oracle9i ~]$ lsnrctl
...
LSNRCTL> set cur listener2
Current Listener is listener2
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC)))
The command completed successfully
C. Remove Password from Listener
If you don't like the password protection or you forgot the password, you can modify listener.ora and remove a line called:
But first, you have to stop the listener before doing anything.
For example, I comment out the line instead of remove it.
[oracle@oracle9i ~]$ vi $ORACLE_HOME/network/admin/listener.ora
...
#PASSWORDS_listener2 = C9DDB2D0622D43DD
Now, the password is removed.