11g下给监听设置口令 四
更新时间: 2015-07-07 13:33
4.禁用本地验证
查看当前监听状态
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date 11-OCT-2012 13:52:32
Uptime 0 days 0 hr. 10 min. 56 sec
Trace Level off
Security ON: Password or Local OS Authentication
SNMP OFF
Listener Parameter File /oracle/app/oracle/product/11.2.0.1/db_1/network/admin/listener.ora
Listener Log File /oracle/app/oracle/diag/tnslsnr/dbserver/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.133.120)(PORT=1521)))
Services Summary...
Service "sztech1" has 1 instance(s).
Instance "sztech1", status READY, has 1 handler(s) for this service...
Service "sztech1XDB" has 1 instance(s).
Instance "sztech1", status READY, has 1 handler(s) for this service...
The command completed successfully
LSNRCTL>
在默认情况下,启动Listener或者使用lsnrctl status命令查看监听状态,可以看到:
Security ON: Password OR Local OS Authentication
这表明Listener的安全机制使用了Password方式或者Local OS Authentication方式,在这种状态下,即使是设置了监听密码,对于启动监听的user来说,也仍然是不需要任何密码就可以停止监听的。
如果我们想去除自Oracle10g之后的这种新安全机制,那么需要在listener.ora文件中添加:
LOCAL_OS_AUTHENTICATION_[listener name]=OFF
[oracle@dbserver admin]$ vi listener.ora
# listener.ora Network Configuration File: /oracle/app/oracle/product/11.2.0.1/db_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
SUBSCRIBE_FOR_NODE_DOWN_EVENT_LISTENER=OFF
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.133.120)(PORT = 1521))
)
)
ADR_BASE_LISTENER = /oracle/app/oracle
#----ADDED BY TNSLSNR 11-OCT-2012 12:01:40---
PASSWORDS_LISTENER = BC15114DF0BA2BF0
#--------------------------------------------
LOCAL_OS_AUTHENTICATION_listener=OFF
"listener.ora" 21L, 544C written
[oracle@dbserver admin]$
重新启动Listener之后,将会只看到:
LSNRCTL> start
Starting /oracle/app/oracle/product/11.2.0.1/db_1/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 11.2.0.1.0 - Production
System parameter file is /oracle/app/oracle/product/11.2.0.1/db_1/network/admin/listener.ora
Log messages written to /oracle/app/oracle/diag/tnslsnr/dbserver/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.133.120)(PORT=1521)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date 11-OCT-2012 14:07:53
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Password
SNMP OFF
Listener Parameter File /oracle/app/oracle/product/11.2.0.1/db_1/network/admin/listener.ora
Listener Log File /oracle/app/oracle/diag/tnslsnr/dbserver/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.133.120)(PORT=1521)))
The listener supports no services
The command completed successfully
LSNRCTL>
这就又回复到了Oracle9i时的状态,只要有密码存在,无论是谁尝试停止监听都会被要求set password。
查看当前监听状态
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date 11-OCT-2012 13:52:32
Uptime 0 days 0 hr. 10 min. 56 sec
Trace Level off
Security ON: Password or Local OS Authentication
SNMP OFF
Listener Parameter File /oracle/app/oracle/product/11.2.0.1/db_1/network/admin/listener.ora
Listener Log File /oracle/app/oracle/diag/tnslsnr/dbserver/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.133.120)(PORT=1521)))
Services Summary...
Service "sztech1" has 1 instance(s).
Instance "sztech1", status READY, has 1 handler(s) for this service...
Service "sztech1XDB" has 1 instance(s).
Instance "sztech1", status READY, has 1 handler(s) for this service...
The command completed successfully
LSNRCTL>
在默认情况下,启动Listener或者使用lsnrctl status命令查看监听状态,可以看到:
Security ON: Password OR Local OS Authentication
这表明Listener的安全机制使用了Password方式或者Local OS Authentication方式,在这种状态下,即使是设置了监听密码,对于启动监听的user来说,也仍然是不需要任何密码就可以停止监听的。
如果我们想去除自Oracle10g之后的这种新安全机制,那么需要在listener.ora文件中添加:
LOCAL_OS_AUTHENTICATION_[listener name]=OFF
[oracle@dbserver admin]$ vi listener.ora
# listener.ora Network Configuration File: /oracle/app/oracle/product/11.2.0.1/db_1/network/admin/listener.ora
# Generated by Oracle configuration tools.
SUBSCRIBE_FOR_NODE_DOWN_EVENT_LISTENER=OFF
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.133.120)(PORT = 1521))
)
)
ADR_BASE_LISTENER = /oracle/app/oracle
#----ADDED BY TNSLSNR 11-OCT-2012 12:01:40---
PASSWORDS_LISTENER = BC15114DF0BA2BF0
#--------------------------------------------
LOCAL_OS_AUTHENTICATION_listener=OFF
"listener.ora" 21L, 544C written
[oracle@dbserver admin]$
重新启动Listener之后,将会只看到:
LSNRCTL> start
Starting /oracle/app/oracle/product/11.2.0.1/db_1/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 11.2.0.1.0 - Production
System parameter file is /oracle/app/oracle/product/11.2.0.1/db_1/network/admin/listener.ora
Log messages written to /oracle/app/oracle/diag/tnslsnr/dbserver/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.133.120)(PORT=1521)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.133.120)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date 11-OCT-2012 14:07:53
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Password
SNMP OFF
Listener Parameter File /oracle/app/oracle/product/11.2.0.1/db_1/network/admin/listener.ora
Listener Log File /oracle/app/oracle/diag/tnslsnr/dbserver/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.133.120)(PORT=1521)))
The listener supports no services
The command completed successfully
LSNRCTL>
这就又回复到了Oracle9i时的状态,只要有密码存在,无论是谁尝试停止监听都会被要求set password。