how to set password for listener.

最新推荐文章于 2024-06-24 07:30:00 发布
最新推荐文章于 2024-06-24 07:30:00 发布 · 139 阅读 · 0
文章标签:

#Oracle #Linux #OS #Security #Access

本文介绍如何使用lsnrctl工具管理远程机器上的Oracle监听器,并通过tnsping测试远程服务。自10.2.0.1版本起,Oracle增强了监听器的安全性,支持密码认证。文中还演示了如何更改监听器的认证方式及远程停止监听器的方法。

We can manage the listener started at remote machine via the lsnrctl tools. You can test the tnsping to find out the remote machine which provide the tns serveice. Before 10.2.0.1, you can run the lsnrctl in your compute to stop the tns service. It is very insecurity. If I stop the tns service, the Oracle instance can not provide the service for customer. It 's all over. Since 10.2.0.1 the Oracle provide the authentication for tns service. By default the security level of tns listener is os authentication. So that you can manager the tns service only in local machine.

For example:

The server listener configuration.

LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = dxzq10)(PORT = 1522))
(ADDRESS = (PROTOCOL = TCP)(HOST = dxzq10)(PORT = 1523))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
)
)

After we start the listener. The status of it is below:

[oracle@dxzq10]$ lsnrctl status

LSNRCTL for Linux: Version 10.2.0.1.0 - Production on 01-JUN-2010 10:07:08

Copyright (c) 1991, 2005, Oracle. All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dxzq10)(PORT=1522)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 10.2.0.1.0 - Production
Start Date 01-JUN-2010 10:05:55
Uptime 0 days 0 hr. 1 min. 12 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/oracle/product/10.2.0.1/db_1/network/admin/listener.ora
Listener Log File /u01/oracle/product/10.2.0.1/db_1/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=dxzq10)(PORT=1522)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=dxzq10)(PORT=1523)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC0)))
Services Summary...

Now we access the tns listener from a remote client to show it status.

The client configuration is below:

LISTENER01 =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.150.136 )(PORT = 1522))
)
)

192.168.150.136 is the server's ip.

Run lsnrclt command.

C:\Documents and Settings\Administrator>lsnrctl status listener01

LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 01-6月 -2010 10:1
3:06

Copyright (c) 1991, 2005, Oracle. All rights reserved.

正在连接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.150.136)(PORT=1522)
))
TNS-01189: 监听程序无法验证用户

Oh. I can access the tns listener now. Because the tns listener just is os authentication by default. So I can access it in remote machine. And you can open the passowrd authentication by change_password command.

For example:

Come into lsnrctl console.

LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dxzq10)(PORT=1522)))
Password changed for LISTENER
The command completed successfully

LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dxzq10)(PORT=1522)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 10.2.0.1.0 - Production
Start Date 01-JUN-2010 10:05:55
Uptime 0 days 0 hr. 9 min. 11 sec
Trace Level off
Security ON: Password or Local OS Authentication

In client machine

LSNRCTL> set current_listener listener01
目前的监听程序为 listener01
LSNRCTL> set password 11111111
命令执行成功
LSNRCTL> status
正在连接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.150.136)(PORT=1522)
))
LISTENER 的 STATUS
------------------------
别名 LISTENER
版本 TNSLSNR for Linux: Version 10.2.0.1.0 - Production
启动日期 01-6月 -2010 10:05:55
正常运行时间 0 天 0 小时 11 分 4 秒
跟踪级别 off
安全性 ON: Password or Local OS Authentication

Now we can stop the listener in remote machine.

iteye_20622
关注
How to manage DB Control 11.x for RAC Database with emca (文档 ID 578011.1)
我的Oracle DBA之路
06-13 1136
How to manage DB Control 11.x for RAC Database with emca (文档 ID 578011.1) In this Document   Purpose   Scope   Details   Difference between the D
How To Fix Missing Responsibilities For A User (文档 ID 429852.1)
kikiwhq的专栏
01-25 2043
转:https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=337817957843841&id=429852.1&_adf.ctrl-state=15w90pbihl_81 How To Fix Missing Responsibilities For A User (文档 ID 429852.
No need to set a listener password in ORACLE 10G
cuicuntu1021的博客
02-24 171
linux5.3 oracle10.2.0.4.0(64bit) listener未设密码情况下,从另外一台主机stop server上的监听pldfmswebdb$lsnrctl stop LISTENER1 LSNRCT...
oracle中create for,How to create user for oracle10g/11g asm instance
weixin_34420941的博客
04-10 1268
在常规的asm维护管理中,我们可以用具有sysasm和sysdba权限的sys用户登录asm实例,进行相关的维护管理工作,但是在ogg相关的项目工程中,ogg读取asm存放的日志文件,为了管理的安全规范和方便,需要给ogg建立专用的登陆asm实例访问asm日志的具备sysasm或者sysdba权限的账号:比如,ogg里的asm账号配置:GGSCI (OSS-FWKT-DB1) 28> edi...
JNDI Datasource How-To
BLOG域名:programb.blog.youkuaiyun.com
04-29 316
Tomcat Home The Apache Software Foundation Apache Tomcat 10 Version 10.0.0-M4, Apr 3 2020 Links Docs Home FAQ User Comments User Guide 1) Introduction 2) Setup 3) First webapp 4) Deployer 5) Manager ...
SSL/TLS Configuration How-To
BLOG域名:programb.blog.youkuaiyun.com
04-24 436
Tomcat Home The Apache Software Foundation Apache Tomcat 8 Version 8.5.54, Apr 3 2020 Links Docs Home FAQ User Comments User Guide 1) Introduction 2) Setup 3) First webapp 4) Deployer 5) Manager 6) H...
How to enable Oracle listener tracing
爱肯的专栏
04-01 725
How to enable Oracle listener tracing
How to transfer large data via network
simonzhangsm的专栏
10-10 3019
1. Executive Summary If you have to transfer data, transfer only that which is necessary. If you unavoidably have TBs to transfer regularly, consider having your institution set up a GridFTP node. I...
Troubleshooting Guide for TNS-12518 TNS listener could not hand off client connection (文档 ID 550859.
逝鸿的博客
02-27 1328
APPLIES TO:Oracle Net Services - Version 10.1.0.5 to 12.1.0.2 [Release 10.1 to 12.1]Oracle Database - Enterprise Edition - Version 11.2.0.3 to 11.2.0.3 [Release 11.2]Information in this document appli...
【Spring Boot系列学习】02.Spring Boot配置文件
剑翊乾坤
01-08 2163
目录 一、application.properties 1.自定义属性 1.1简单属性 1.2实体属性 1.3参数间引用 1.4随机值配置 1.5自定义配置文件 2.常用属性 2.1多环境配置profile.application.yml 1.yaml语法 2.格式 3.支持的值 4.其他 三.其他 1.添加组件:添加组件的方式有两种 2.存放路径及优先...
(一)Kafka 安全之使用 SASL 进行身份验证 —— JAAS 配置、SASL 配置
流华追梦的专栏
06-24 3862
SASL 是用来认证 C/S 模式也就是服务器与客户端的一种认证机制,全称 Simple Authentication and Security Layer。这就是一种凭据认证方式。通俗的话来讲就是让服务器知道连接进来的客户端的身份是谁。比如凭借阅证到图书馆借书,而每个借阅证都有独立的 ID,通过 ID 定位谁是谁,而不是特别关心谁拿到了借阅证,只需要正确的借阅证即可。所以 SASL 就是服务器存储了客户端的身份证书和如何校验密码是否正确,而且仅在于身份认证过程,认证完毕后即可进行相关的服务操作。
帮忙分析与context.xml中配置有啥不同:<?xml version="1.0" encoding="UTF-8"?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --><!-- Note: A "Server" is not itself a "Container", so you may not define subcomponents such as "Valves" at this level. Documentation at /docs/config/server.html --><Server port="8005" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.startup.VersionLoggerListener"/> <!-- Security listener. Documentation at /docs/config/listeners.html <Listener className="org.apache.catalina.security.SecurityListener" /> --> <!--APR library loader. Documentation at /docs/apr.html --> <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/> <!-- Prevent memory leaks due to use of particular java/javax APIs--> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/> <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/> <!-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html --> <GlobalNamingResources> <!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users --> <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/> <!-- <Resource auth="Container" driverClassName="com.mysql.jdbc.Driver" factory="aia.encrypt.EncryptedDataSourceFactory" name="jdbc/ibotWrite" password="MHTV7bXwrOX6rWFVdkJ8cA==" type="javax.sql.DataSource" url="jdbc:mysql://10.200.11.14:3306/ibot?characterEncoding=utf-8&autoReconnect=true&useSSL=false" username="sid_rob_dev"/> <Resource auth="Container" driverClassName="com.mysql.jdbc.Driver" factory="aia.encrypt.EncryptedDataSourceFactory" name="jdbc/ibotRead" password="MHTV7bXwrOX6rWFVdkJ8cA==" type="javax.sql.DataSource" url="jdbc:mysql://10.200.11.14:3306/ibot?characterEncoding=utf-8&autoReconnect=true&useSSL=false" username="sid_rob_dev"/> --> <Resource auth="Container" driverClassName="com.mysql.jdbc.Driver" factory="aia.encrypt.EncryptedDataSourceFactory" name="jdbc/ibotWrite" password="1E6AaBTvL4gewmlGQzSr7A==" type="javax.sql.DataSource" url="jdbc:mysql://aclsh-sit-pdb-sdi-rw.rwlb.rds.aliyuncs.com:3306/ibot?characterEncoding=utf-8&autoReconnect=true&useSSL=false&rewriteBatchedStatements=true" username="sid_pdb_rob_sit"/> <Resource auth="Container" driverClassName="com.mysql.jdbc.Driver" factory="aia.encrypt.EncryptedDataSourceFactory" name="jdbc/ibotRead" password="1E6AaBTvL4gewmlGQzSr7A==" type="javax.sql.DataSource" url="jdbc:mysql://aclsh-sit-pdb-sdi-rw.rwlb.rds.aliyuncs.com:3306/ibot?characterEncoding=utf-8&autoReconnect=true&useSSL=false&rewriteBatchedStatements=true" username="sid_pdb_rob_sit"/> <!--ICSP--> <Resource auth="Container" driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver" factory="aia.encrypt.EncryptedDataSourceFactory" name="jdbc/icsp_ngs" password="BvnrCQlhRWLIMGBgxWARbg==" type="javax.sql.DataSource" url="jdbc:sqlserver://chot3r8csts02.aia.biz:1433;DatabaseName=ICSP;sendStringParametersAsUnicode=false" username="STCAOICSP" maxActive="100" minIdle="1" validationQuery = "select 1" /> <!--NB Sourth DB --> <Resource auth="Container" driverClassName="com.ibm.as400.access.AS400JDBCDriver" factory="aia.encrypt.EncryptedDataSourceFactory" name="jdbc/iRobot_NBS" password="RFJwxcPdFHrMj+MQSfEhcQ==" type="javax.sql.DataSource" url="jdbc:as400://aiash.aia.biz;naming=system" username="STCAOROBS1" maxActive="100" minIdle="20"/> <!--NB North DB--> <Resource auth="Container" driverClassName="com.ibm.as400.access.AS400JDBCDriver" factory="aia.encrypt.EncryptedDataSourceFactory" name="jdbc/iRobot_NBN" password="DoneD8VjLufbKt9UJQMeVQ==" type="javax.sql.DataSource" url="jdbc:as400://aiash.aia.biz;naming=system" username="STCAOROBN1" maxActive="100" minIdle="20"/> </GlobalNamingResources> <!-- A "Service" is a collection of one or more "Connectors" that share a single "Container" Note: A "Service" is not itself a "Container", so you may not define subcomponents such as "Valves" at this level. Documentation at /docs/config/service.html --> <Service name="Catalina"> <!--The connectors can use a shared executor, you can define one or more named thread pools--> <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="150" minSpareThreads="4"/> --> <!-- A "Connector" represents an endpoint by which requests are received and responses are returned. Documentation at : Java HTTP Connector: /docs/config/http.html Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 --> <Connector port="9080" maxPartCount="1000" maxPartHeaderSize="16384" connectionTimeout="20000" protocol="HTTP/1.1" redirectPort="8443"/> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> --> <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 This connector uses the NIO implementation. The default SSLImplementation will depend on the presence of the APR/native library and the useOpenSSL attribute of the AprLifecycleListener. Either JSSE or OpenSSL style configuration may be used regardless of the SSLImplementation selected. JSSE style configuration is used below. --> <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true"> <SSLHostConfig> <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" type="RSA" /> </SSLHostConfig> </Connector> --> <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 This connector uses the APR/native implementation which always uses OpenSSL for TLS. Either JSSE or OpenSSL style configuration may be used. OpenSSL style configuration is used below. --> <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150" SSLEnabled="true" > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <SSLHostConfig> <Certificate certificateKeyFile="conf/localhost-rsa-key.pem" certificateFile="conf/localhost-rsa-cert.pem" certificateChainFile="conf/localhost-rsa-chain.pem" type="RSA" /> </SSLHostConfig> </Connector> --> <!-- Define an AJP 1.3 Connector on port 8009 --> <!-- <Connector protocol="AJP/1.3" address="::1" port="8009" redirectPort="8443" /> --> <!-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). Documentation at /docs/config/engine.html --> <!-- You should set jvmRoute to support load-balancing via AJP ie : <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> --> <Engine defaultHost="localhost" name="Catalina"> <!--For clustering, please take a look at documentation at: /docs/cluster-howto.html (simple how to) /docs/config/cluster.html (reference documentation) --> <!-- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> --> <!-- Use the LockOutRealm to prevent attempts to guess user passwords via a brute-force attack --> <Realm className="org.apache.catalina.realm.LockOutRealm"> <!-- This Realm uses the UserDatabase configured in the global JNDI resources under the key "UserDatabase". Any edits that are performed against this UserDatabase are immediately available for use by the Realm. --> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true"> <!-- SingleSignOn valve, share authentication between web applications Documentation at: /docs/config/valve.html --> <!-- <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> --> <!-- Access log processes all example. Documentation at: /docs/config/valve.html Note: The pattern used is equivalent to using pattern="common" --> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log" suffix=".txt"/> </Host> </Engine> </Service> </Server>
08-12
username="root" password="password" driverClassName="com.mysql.cj.jdbc.Driver" url="jdbc:mysql://localhost:3306/mydb"/> ``` 相比之下,`context.xml` 文件中的配置更为简洁,并且可以独立维护: ```...
SSL/TLS Configuration How-To 是一组指南,它详细说明了如何配置服务器以支持安全套接层(SSL)/传输层安全性(TLS)协议
BLOG域名:programb.blog.youkuaiyun.com
04-24 1748
SSL/TLS Configuration How-To 是一组指南,它详细说明了如何配置服务器以支持安全套接层(SSL)/传输层安全性(TLS)协议。如果你正在使用APR(Apache Portable Runtime)或JSSE(Java Secure Socket Extension)的OpenSSL实现,你可以配置替代引擎来增强或替换默认的SSL功能。其中一个关键点在于访问SSL会话ID,这有助于跟踪客户端与服务器之间的连接状态。
Spring Boot学习总结(8)——SpringBoot Common application properties(application.properties)详解
科技D人生
05-05 4135
各种属性可以在您的application.properties/application.yml文件或命令行开关指定。下面提供了常见的Spring启动属性和引用它们的基础类的列表。 # =================================================================== # COMMON SPRING BOOT PROPERTIES # # T
XcCedric_PriceHive_15176_1764668805671.zip
12-03
XcCedric_PriceHive_15176_1764668805671.zip
智面工坊Interview_Forge是一个以学习-面试-补学闭环为核心的智能面试系统_通过个性化任务树AI面试与动态补学机制帮助候选人精准查漏补缺稳步升级面试战力_实现从任.zip
12-03
智面工坊Interview_Forge是一个以学习-面试-补学闭环为核心的智能面试系统_通过个性化任务树AI面试与动态补学机制帮助候选人精准查漏补缺稳步升级面试战力_实现从任.zip
Python练习:使用库
最新发布
12-03
Python练习:使用库
ArakeiShi_China-Gender-and-Sexual-Diversity-Practical-Solution_19824_1764665783520.zip
12-03
ArakeiShi_China-Gender-and-Sexual-Diversity-Practical-Solution_19824_1764665783520.zip
粮食加工库存管理系统_一款专为中小型粮食企业设计的综合性业务管理软件_该软件系统深度融合了粮食采购入库存粮管理粮食出库登记库存分类汇总成品信息管理成品出入库销售登记与退.zip
12-03
粮食加工库存管理系统_一款专为中小型粮食企业设计的综合性业务管理软件_该软件系统深度融合了粮食采购入库存粮管理粮食出库登记库存分类汇总成品信息管理成品出入库销售登记与退.zip
Ensure 'SECURE_CONTROL_<listener_name>' Is Set In 'listener.ora' 这个Oracle怎么检查
09-04
To check if `SECURE_CONTROL_<listener_name>` is set in the `listener.ora` file in Oracle, follow these steps: ### Locate the `listener.ora` file The `listener.ora` file is typically located in the `$TNS_ADMIN` directory. If the `$TNS_ADMIN` environment variable is not set, it can be found in the `$ORACLE_HOME/network/admin` directory. ### Open the `listener.ora` file Use a text editor to open the `listener.ora` file. For example, if you are using a Linux or Unix system, you can use the `vi` or `nano` editor: ```bash vi $TNS_ADMIN/listener.ora ``` or ```bash nano $TNS_ADMIN/listener.ora ``` ### Search for `SECURE_CONTROL_<listener_name>` In the opened `listener.ora` file, search for the pattern `SECURE_CONTROL_<listener_name>`, where `<listener_name>` is the actual name of your listener. For example, if your listener is named `LISTENER_Gentic`, you would search for `SECURE_CONTROL_LISTENER_Gentic`. In the `vi` editor, you can use the `/` command to search. Type `/SECURE_CONTROL_LISTENER_Gentic` and press Enter. If the setting is present, `vi` will highlight the line. ### Check the result If you find a line with `SECURE_CONTROL_<listener_name>` followed by a value (e.g., `SECURE_CONTROL_LISTENER_Gentic = yes`), then the setting is present in the `listener.ora` file. If you do not find such a line, then the setting is not set. ### Example code in Python to check ```python import os # Assume $TNS_ADMIN is set, or use $ORACLE_HOME/network/admin tns_admin = os.getenv('TNS_ADMIN', os.path.join(os.getenv('ORACLE_HOME'), 'network', 'admin')) listener_file = os.path.join(tns_admin, 'listener.ora') try: with open(listener_file, 'r') as file: content = file.read() listener_name = 'LISTENER_Gentic' # Replace with actual listener name search_pattern = f'SECURE_CONTROL_{listener_name}' if search_pattern in content: print(f'{search_pattern} is set in listener.ora') else: print(f'{search_pattern} is not set in listener.ora') except FileNotFoundError: print(f'listener.ora file not found in {tns_admin}') ```
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值