How to Set Password for Listener

  • by

Earlier databases like 9i should set password for listeners, otherwise, they could be accidentally stopped by someone unknown.

Here in this post, I will introduce the following things:

Set Listener Password

1. Enter LSNRCTL Interactive Mode

We are about to set the password in LSNRCTL.

[oracle@oracle9i ~]$ lsnrctl

LSNRCTL for Linux: Version 9.2.0.8.0 - Production on 21-SEP-2010 19:18:52

Copyright (c) 1991, 2006, Oracle Corporation.  All rights reserved.

Welcome to LSNRCTL, type "help" for information.

2. Set Current Listener

If the listener that you want to set is the default one, LISTENER, then you can skip the step. Otherwise, please let LSNRCTL know what listener that you want to operate with. In this case, we'd like to operate LISTENER2.

LSNRCTL> set cur listener2
Current Listener is listener2

In which,

cur = current_listener

3. Start Up the Listener

We need an instance of the listener in order to set a password. If the target listener is already up, then you can skip this step.

LSNRCTL> start
Starting /u01/app/oracle/product/9.2.0/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 9.2.0.8.0 - Production
System parameter file is /u01/app/oracle/product/9.2.0/network/admin/listener.ora
Log messages written to /u01/app/oracle/product/9.2.0/network/log/listener2.log
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle9i.example.com)(PORT=1522)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC)))
STATUS of the LISTENER
------------------------
Alias                     listener2
Version                   TNSLSNR for Linux: Version 9.2.0.8.0 - Production
Start Date                21-SEP-2010 19:19:00
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  OFF
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/9.2.0/network/admin/listener.ora
Listener Log File         /u01/app/oracle/product/9.2.0/network/log/listener2.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle9i.example.com)(PORT=1522)))
The listener supports no services
The command completed successfully

4. Set / Change Password

Setting or Changing the password is basically the same thing, the only difference is that, you don't have to input anything in Old password field if there's no password on the listener.

LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC)))
Password changed for listener2
The command completed successfully

5. Save Password

Currently, the password is only saved in memory. If you exit the interactive mode now, then you abandon to set the password. I know it's a little weird, but you have to save the password.

LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC)))
Saved listener2 configuration parameters.
Listener Parameter File   /u01/app/oracle/product/9.2.0/network/admin/listener.ora
Old Parameter File   /u01/app/oracle/product/9.2.0/network/admin/listener.bak
The command completed successfully
LSNRCTL> exit

set password does not mean that you want to set or change the password, it means that you want to operate with an already passworded listener. save_config is the main command in this step.

6. Check the Result

Let's see our result.

[oracle@oracle9i ~]$ cat $ORACLE_HOME/network/admin/listener.ora
...
#----ADDED BY TNSLSNR 21-SEP-2010 19:19:34---
PASSWORDS_listener2 = C9DDB2D0622D43DD
#--------------------------------------------

The password is encrypted.

Start / Stop Passworded Listener

From now on, it will be a little inconvenient to start and stop the listener.

1. Start Listener

[oracle@oracle9i ~]$ lsnrctl
...
LSNRCTL> set cur listener2
Current Listener is listener2
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> start
Starting /u01/app/oracle/product/9.2.0/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 9.2.0.8.0 - Production
System parameter file is /u01/app/oracle/product/9.2.0/network/admin/listener.ora
Log messages written to /u01/app/oracle/product/9.2.0/network/log/listener2.log
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle9i.example.com)(PORT=1522)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC)))
STATUS of the LISTENER
------------------------
Alias                     listener2
Version                   TNSLSNR for Linux: Version 9.2.0.8.0 - Production
Start Date                21-SEP-2020 14:49:48
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/9.2.0/network/admin/listener.ora
Listener Log File         /u01/app/oracle/product/9.2.0/network/log/listener2.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle9i.example.com)(PORT=1522)))
The listener supports no services
The command completed successfully

2. Stop Listener

Stop or show status is the same as start.

[oracle@oracle9i ~]$ lsnrctl
...
LSNRCTL> set cur listener2
Current Listener is listener2
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC)))
The command completed successfully

Remove Password from Listener

If you don't like the password protection or you forgot the password, you can modify listener.ora and remove a line called:

PASSWORDS_LISTENER_NAME =

But first, you have to stop the listener before doing anything.

For example, I comment out the line instead of remove it.

[oracle@oracle9i ~]$ vi $ORACLE_HOME/network/admin/listener.ora
...
#PASSWORDS_listener2 = C9DDB2D0622D43DD

Now, the password is removed.

Leave a Reply

Your email address will not be published. Required fields are marked *