
Re: Changing the listener password

 
Jeff Ohlhausen
Frequent Advisor

Changing the listener password

Hello,
Due to security reasons I have been trying to change the listener password on several systems I administer. However, I get the same error message on many servers. Here is the error message. Does anyone have any suggestions?
LSNRCTL> change password
Old password:
New password:
Reenter new password:
TNS-01101: Could not find service name
NNC-00405: network failure
Do or do not - there is no try.
Sandman!
Honored Contributor

Re: Changing the listener password

Make sure you have a valid "tnsnames.ora" file and also double-check to see if there aren't multiple copies of that file (in different directories). This may be the reason why the lsnrctl utility is complaining. Have had that happen to me before.

Do a search on tnsnames.ora as follows:

# find / -name "tnsnames.ora" -type f -print
Yogeeraj_1
Honored Contributor

Re: Changing the listener password

hi,

According to the net8 admin guide, you can:

LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ydserver)(PORT=1521)))
Password changed for LISTENER
The command completed successfully

LSNRCTL> set password
Password:
The command completed successfully

LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ydserver)(PORT=1521)))
Saved LISTENER configuration parameters.
Listener Parameter File /u01/home/ora817/network/admin/listener.ora
Old Parameter File /u01/home/ora817/network/admin/listener.bak
The command completed successfully
LSNRCTL>

Following which, you need to use a password to do various operations (such as STOP) but not others (such as STATUS)

Can you post the output of "lsnrctl serv"?

regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (Calvin Coolidge)
Volker Borowski
Honored Contributor

Re: Changing the listener password

Hello,
maybe your listener is not named LISTENER?

In this case you need to set it first i.e.

set current_listener LISTENERSID

Volker
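
The two replies above (save_config writing the password into listener.ora, and the listener possibly not being named LISTENER) can be checked together. This is an added example, not code from any poster: it lists every listener defined in a listener.ora and reports whether a PASSWORDS_<listener_name> entry exists for it. The sample file is constructed; the function names, the hash value and the status words are assumptions of this example.

```shell
#!/bin/sh
# Added example: which listeners in a listener.ora have a saved password?

# audit_listener_ora FILE
# Prints "<LISTENER_NAME> PASSWORD-SET" or "<LISTENER_NAME> NO-PASSWORD".
audit_listener_ora() {
  awk '
    { sub(/#.*/, "") }                          # strip comments
    # A parameter name can only start at parenthesis depth 0.
    depth == 0 && match($0, /^[ \t]*[A-Za-z_][A-Za-z0-9_.]*[ \t]*=/) {
      cur = toupper(substr($0, RSTART, RLENGTH))
      gsub(/[ \t=]/, "", cur)
      defined[cur] = 1
    }
    {
      line = toupper($0); gsub(/[ \t]/, "", line)
      # An entry whose value holds an ADDRESS is a listener definition.
      if (cur != "" && index(line, "(ADDRESS") && !(cur in listener)) {
        listener[cur] = 1; order[++n] = cur
      }
      depth += gsub(/\(/, "(", line) - gsub(/\)/, ")", line)
    }
    END {
      for (i = 1; i <= n; i++) {
        key = "PASSWORDS_" order[i]
        state = (key in defined) ? "PASSWORD-SET" : "NO-PASSWORD"
        print order[i], state
      }
    }
  ' "$1"
}

# Constructed sample: LISTENER has a saved hash, LISTENERSID has none.
write_sample() {
  cat > "$1" <<'EOF'
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = ydserver)(PORT = 1521)))
SID_LIST_LISTENER =
  (SID_LIST = (SID_DESC = (SID_NAME = DEV)))
listenersid = (ADDRESS = (PROTOCOL = IPC)(KEY = DEV.WORLD))
#----ADDED BY TNSLSNR (constructed line)----
PASSWORDS_LISTENER = 0123456789ABCDEF
EOF
}

sample=${TMPDIR:-/tmp}/listener.ora.sample.$$
write_sample "$sample"
audit_listener_ora "$sample"
rm -f "$sample"
```

A NO-PASSWORD line for a listener other than LISTENER is the case where the name has to be selected with set current_listener before change_password and save_config.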
Eric Antunes
Honored Contributor

Re: Changing the listener password

Hi,

Why don't you change the database(s) user(s) password(s)?? This is how I restrict database accesses: I'm the only user with access to SYS and SYSTEM users...

To change database password(s), execute the following for each user in SQL*Plus:

SQL> alter user <username> identified by <new_password>;

Regards,

Eric Antunes
Each and every day is a good day to learn.
Volker Borowski
Honored Contributor

Re: Changing the listener password

Eric,

this is not sufficient.
Google for "oracle listener glogin.sql exploit".
One of the less serious things that could happen is someone shutting down your Listener remotely. One of the worst would be to fill in disruptive stuff in your glogin.sql and wait for the OS-"oracle" User to call sqlplus.....

Serious danger from unprotected listeners!
Volker
Eric Antunes
Honored Contributor

Re: Changing the listener password

Hi Volker,

To run glogin.sql for example, "they" must get in the domain (windoze: possible ;) ) and get in the server (Unix: difficult :D ) first...
Each and every day is a good day to learn.
Volker Borowski
Honored Contributor

Re: Changing the listener password

Hi Eric,

No, you do not need to "get in"!

IP-connection and access to the Listener Port is all you need (if no password on the listener), no OS account at all (UNIX & Windows) !

See this:

http://www.red-database-security.com/exploits/oracle_exploit_tns_listener.html

When remote administration of the listener is possible, you can change the destination of the logfile. Since the account running the Listener usually is the Oracle-OS-Account, this account has write access to glogin.sql or login.sql or attack $HOME/.rhosts and ...

On Windows in 8.1 standard installations, the Listener runs under the system account...

There are various even more detailed exploits in the net, that I do not like to feed with more links.

Volker
Eric Antunes
Honored Contributor

Re: Changing the listener password

Hi Volker,

In my situation (private domain), there is no way to connect to the database server without being IN the domain (intranet). Nevertheless, a domain attack can happen and I'll be cautious about this kind of security questions...

Regards,

Eric Antunes
Each and every day is a good day to learn.
Jeff Ohlhausen
Frequent Advisor

Re: Changing the listener password

Hi,
I'm still working on this. I was on vacation for a bit. Thanks for everyone's help. I was using the procedure described above to change the password but no luck. Here is the requested output:
LSNRCTL> serv
Connecting to (ADDRESS=(PROTOCOL=IPC)(KEY=DEV.WORLD))
Services Summary...
Service "DEV" has 1 instance(s).
Instance "DEV", status UNKNOWN, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:364 refused:0
LOCAL SERVER
The command completed successfully
Do or do not - there is no try.