為listener增加密碼驗證

工作上有用到Listener加密的這個需求，試了試，留下個簡單的記錄，覺得在單例項資料庫中還較方便的。

在RAC中由於用到srvctl 管理，在srvctl start ...　命令時會去檢查Listener的status(這個動作就等同於是執行了lsnrctl status命令來查詢Listener狀態)，所以這個時候會不透過(這是我目前在RAC環境加密Listener測試到挺麻煩的一個issue)，有時間再查一查。

[@more@]

rac-test2$lsnrctl <<< 此時是沒有設定密碼前的操作，可以正常作業(如status/start/stop/reload等操作)

LSNRCTL for Linux: Version 9.2.0.8.0 - Production on 09-9??-2008 11:28:19

Copyright (c) 1991, 2006, Oracle Corporation. All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> status

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac-test2)(PORT=1521)))

STATUS of the LISTENER

------------------------

Alias LISTENER

Version TNSLSNR for Linux: Version 9.2.0.8.0 - Production

Start Date 09-9??-2008 10:59:13

Uptime 0 days 0 hr. 29 min. 10 sec

Trace Level off

Security OFF

SNMP OFF

Listener Parameter File /oracle/9208/network/admin/listener.ora

Listener Log File /oracle/9208/network/log/listener.log

Listening Endpoints Summary...

(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=rac-test2)(PORT=1521)))

Services Summary...

Service "PLSExtProc" has 1 instance(s).

Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...

Service "testdb" has 1 instance(s).

Instance "testdb2", status READY, has 2 handler(s) for this service...

Service "testdb2" has 1 instance(s).

Instance "testdb2", status UNKNOWN, has 1 handler(s) for this service...

The command completed successfully

LSNRCTL> change_password <<

Old password:

New password:

Reenter new password:

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac-test2)(PORT=1521)))

Password changed for LISTENER

The command completed successfully

LSNRCTL> status <<< 此時密碼設定已經完畢，嘗試一下status操作，收到報錯提示：需要密碼驗證。

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac-test2)(PORT=1521)))

TNS-01169: The listener has not recognized the password

LSNRCTL> set password <<< 我們需要透過set password來驗證密碼，並輸入之前設定的密碼，驗證透過方可執行相關操作。

Password:

The command completed successfully

LSNRCTL> status <<< 可以試一下在密碼驗證成功後的操作結果是成功的。

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac-test2)(PORT=1521)))

STATUS of the LISTENER

------------------------

Alias LISTENER

Version TNSLSNR for Linux: Version 9.2.0.8.0 - Production

Start Date 09-9??-2008 10:59:13

Uptime 0 days 0 hr. 29 min. 36 sec

Trace Level off

Security ON

SNMP OFF

Listener Parameter File /oracle/9208/network/admin/listener.ora

Listener Log File /oracle/9208/network/log/listener.log

Listening Endpoints Summary...

(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=rac-test2)(PORT=1521)))

Services Summary...

Service "PLSExtProc" has 1 instance(s).

Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...

Service "testdb" has 1 instance(s).

Instance "testdb2", status READY, has 2 handler(s) for this service...

Service "testdb2" has 1 instance(s).

Instance "testdb2", status UNKNOWN, has 1 handler(s) for this service...

The command completed successfully

LSNRCTL> save_config <<< 注意密碼設定後一定要用save_config命令儲存所做的設定，oracle會將這些設定的變動保留到listener.ora裡面去。

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac-test2)(PORT=1521)))

Saved LISTENER configuration parameters.

Listener Parameter File /oracle/9208/network/admin/listener.ora

Old Parameter File /oracle/9208/network/admin/listener.bak

The command completed successfully

LSNRCTL>

在設定了密碼以及儲存了設定後Listener.ora裡會出現這樣一條記錄：

#----ADDED BY TNSLSNR 09-9??-2008 11:28:52---

PASSWORDS_LISTENER = 62753F69B85AD170

#----------------------------------------------

所以，大家需要注意的是，以後重啟DB後，啟動Listener時需要先進入lsnrctl 命令裡透過 set password命令先輸入密碼方可進行操作哦！

PS：Listener做密碼設定不會影響任何client 端的東西，僅是為了防止listener遭到遠端惡意作業時加的一陣密碼驗證過程。