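Oracle Listener Password Protection

Since 10g, Oracle has provided listener password protection as a safeguard against the listener being shut down abnormally by accident. This is clearly of great importance for applications that use Data Guard (especially in maximum protection mode) for disaster recovery. When restarting the listener, check whether, under Data Guard maximum protection mode, the database instance on the primary host has shut down because the listener was unreachable.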

1. The listener before a password is set

[oracle@TESTDB01 ~]$ lsnrctl status

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 15-OCT-2013 06:02:25

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date                11-OCT-2013 04:12:34
Uptime                    4 days 1 hr. 49 min. 50 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /home/oracle/app/oracle/product/11.2.0/network/admin/listener.ora
Listener Log File         /home/oracle/app/diag/tnslsnr/TESTDB01/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.2.10)(PORT=1521)))
Services Summary...
Service "orcl" has 1 instance(s).
  Instance "orcl", status UNKNOWN, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orcl_primary" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully

2. Set a password. When setting it for the first time, the old password is empty
[oracle@TESTDB01 ~]$ lsnrctl

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 15-OCT-2013 06:05:07

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> change_password
Old password: 
New password: 
Reenter new password: 
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
Password changed for LISTENER
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
Saved LISTENER configuration parameters.
Listener Parameter File   /home/oracle/app/oracle/product/11.2.0/network/admin/listener.ora
Old Parameter File   /home/oracle/app/oracle/product/11.2.0/network/admin/listener.bak
The command completed successfully

3. View and edit the listener.ora file, adding one line to disable local OS authentication for the listener
LOCAL_OS_AUTHENTICATION_LISTENER = OFF
[oracle@TESTDB01 admin]$ more listener.ora 
# listener.ora Network Configuration File: /home/oracle/app/oracle/product/11.2.0/network/admin/listener.ora
# Generated by Oracle configuration tools.

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = OwnerHost)(PORT = 1521))
    )
  )

SID_LIST_LISTENER =
(SID_LIST =
  (SID_DESC =
  (GLOBAL_DBNAME = orcl)
  (SID_NAME = orcl)
  )
)

ADR_BASE_LISTENER = /home/oracle/app


#----ADDED BY TNSLSNR 15-OCT-2013 06:05:26---
LOCAL_OS_AUTHENTICATION_LISTENER = OFF
PASSWORDS_LISTENER = 47B6AF325FB7E30D
#--------------------------------------------

4. Restart the listener
lsnrctl stop
lsnrctl start
[oracle@TESTDB02 admin]$ lsnrctl start

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 15-OCT-2013 06:09:31

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Starting /home/oracle/app/oracle/product/11.2.0/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.1.0 - Production
System parameter file is /home/oracle/app/oracle/product/11.2.0/network/admin/listener.ora
Log messages written to /home/oracle/app/diag/tnslsnr/TESTDB02/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=TESTDB02)(PORT=1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date                15-OCT-2013 06:09:31
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Password
SNMP                      OFF
Listener Parameter File   /home/oracle/app/oracle/product/11.2.0/network/admin/listener.ora
Listener Log File         /home/oracle/app/diag/tnslsnr/TESTDB02/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=TESTDB02)(PORT=1521)))
Services Summary...
Service "orcl" has 1 instance(s).
  Instance "orcl", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully

5. Checking the status of the listener or stopping it now requires the password
[oracle@TESTDB02 admin]$ lsnrctl status

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 15-OCT-2013 06:09:37

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
TNS-01169: The listener has not recognized the password
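
A check for the end state of steps 2 to 5, added here as an example and not part of the original post: it reads listener.ora and reports which combination of PASSWORDS_<name> and LOCAL_OS_AUTHENTICATION_<name> is in effect, including the case where OS authentication has been switched off without a password being saved. The function names, mode labels and sample file are assumptions made for the illustration, and the hash value is a placeholder.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names and mode labels are hypothetical.

# listener_auth_mode FILE [NAME] prints how lsnrctl administration is protected:
#   local-os-auth              no password, OS authentication at its default (step 1)
#   password-only              password set, OS authentication OFF (steps 3 to 5)
#   password-or-local-os-auth  password set, OS authentication not disabled
#   unprotected                OS authentication OFF but no password stored
listener_auth_mode() {
  local file=$1 name
  name=$(printf '%s' "${2:-LISTENER}" | tr '[:lower:]' '[:upper:]')
  awk -v name="$name" '
    /^[ \t]*#/ { next }                       # skip comment lines
    {
      eq = index($0, "="); if (eq == 0) next
      # Parameter names and the ON/OFF value are compared case-insensitively.
      key = toupper(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
      gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
      if (key == "LOCAL_OS_AUTHENTICATION_" name) osauth = toupper(val)
      if (key == "PASSWORDS_" name && val != "") pw = 1
    }
    END {
      off = (osauth == "OFF")
      if (pw && off)  print "password-only"
      else if (pw)    print "password-or-local-os-auth"
      else if (off)   print "unprotected"
      else            print "local-os-auth"
    }' "$file"
}

# The password hash is stored in listener.ora, so the file should not be world-readable.
listener_ora_world_readable() {
  [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample mirroring the lines TNSLSNR appended in step 3 (hash is a placeholder).
sample=$(mktemp)
cat > "$sample" <<'EOF'
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = OwnerHost)(PORT = 1521))))
#----ADDED BY TNSLSNR (constructed)---
LOCAL_OS_AUTHENTICATION_LISTENER = OFF
PASSWORDS_LISTENER = 0123456789ABCDEF
EOF
echo "mode: $(listener_auth_mode "$sample")"
listener_ora_world_readable "$sample" && echo "warning: $sample is world-readable"
rm -f "$sample"
```

Run it against the real file as `listener_auth_mode "$ORACLE_HOME/network/admin/listener.ora"`, passing the listener name as a second argument when it is not LISTENER.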
