9I 10g LISTENER 加密 的不同

gaopengtttt發表於2013-06-18
加密

預設的9I資料庫監聽是可以遠端關閉的,只要能TNSPING通,如下:
-bash-3.2$ lsnrctl stop ora9i
LSNRCTL for Solaris: Version 11.2.0.3.0 - Production on 27-JUN-2013 04:53:08
Copyright (c) 1991, 2011, Oracle.  All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.151)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ora9i)))
The command completed successfully
所以我們需要為9I的LISTENER 設定好安全策略為PASSWORD認證,防止這樣的情況


LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (ADDRESS=(PROTOCOL=tcp)(PORT=1521))
Password changed for LISTENER
The command completed successfully
LSNRCTL> save_config
Connecting to (ADDRESS=(PROTOCOL=tcp)(PORT=1521))
TNS-01169: The listener has not recognized the password
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> save_config
Connecting to (ADDRESS=(PROTOCOL=tcp)(PORT=1521))
Saved LISTENER configuration parameters.
Listener Parameter File   /home/oracle/product/9.2.0.4/network/admin/listener.ora
Old Parameter File   /home/oracle/product/9.2.0.4/network/admin/listener.bak
The command completed successfully
再次遠端關閉
-bash-3.2$ lsnrctl stop ora9i
LSNRCTL for Solaris: Version 11.2.0.3.0 - Production on 27-JUN-2013 04:57:17
Copyright (c) 1991, 2011, Oracle.  All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.151)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ora9i)))
TNS-01169: The listener has not recognized the password

但是10G過後不存在這個問題因為使用本地認證的模式如下:
LSNRCTL> status
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Solaris: Version 11.2.0.3.0 - Production
Start Date                27-JUN-2013 04:44:09
Uptime                    0 days 0 hr. 14 min. 26 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Log File         /u01/app/oracle/diag/tnslsnr/dg1/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=dg1)(PORT=1521)))
Services Summary...
Service "dg1" has 1 instance(s).
  Instance "ora11g", status READY, has 1 handler(s) for this service...
Service "ora11gXDB" has 1 instance(s).
  Instance "ora11g", status READY, has 1 handler(s) for this service...
The command completed successfully
LSNRCTL>
如果遠端關閉如下:
-bash-3.2$ lsnrctl stop test
LSNRCTL for Solaris: Version 11.2.0.3.0 - Production on 27-JUN-2013 05:00:16
Copyright (c) 1991, 2011, Oracle.  All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.157)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=test)))
TNS-01189: The listener could not authenticate the user
但是可以在LISTENER檔案中設定
LOCAL_OS_AUTHENTICATION_LISTENER = OFF
來關閉本地認證方式,這樣就可以設定密碼了,但是有什麼意義呢?設定密碼本來就是防止遠端關閉,如果能登入本機設定密碼有什麼意義

呢?殺掉程式不就可以了
如果你忘記了密碼,只要能夠登入本機,可以在配置檔案中刪除關於PASSWORD的記錄,然後KILL掉LISTENER程式,最後重啟就可以了。

 

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/7728585/viewspace-764206/,如需轉載,請註明出處,否則將追究法律責任。

相關文章