Setting Listener Passwords With an Oracle 10g or Newer Listener (Doc ID 260986.1)

Last updated on MARCH 31, 2022

Applies to:

Goal

How to set a password for 10g and newer listeners leaving the default OS authentication mechanism in place.

In Oracle 10g and newer versions of the listener, the listener is secure out of the box. There should be no need to set a listener password to prohibit privileged LSNRCTL commands from being executed.

Beginning with version 10g, the listener now uses local OS authentication. As long as one runs LSNRCTL privileged commands (stop, status, etc) as the same user who started the listener, that user will be able to fully administer the running listener without providing a password.


This security feature is enabled by default and can be identified at listener
startup, or when issuing a LSNRCTL STATUS command, by the following output:

Security ON: Local OS Authentication

If the TNSListener is started as the "oracle" user and the user "sales" attempts
to administer the listener, or if "oracle" on a different node attempts to
administer the listener, the following error will be returned:

TNS-01190: The user is not authorized to execute the requested listener command

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.