Set Up Oracle Listener Authentication

Create Oracle Listener records to connect to Oracle TNS Listeners in order to enumerate information about databases behind the Oracle Listeners.

When authentication to an Oracle Listener is successful and databases behind the Listener are discovered, the QID 19225 "Retrieved Oracle Database Name" is returned in the scan results. This is an information gathered check that lists the names of the databases discovered behind the Listener. This information is useful if you want to create Oracle authentication records on those databases and need the Oracle System IDs (SIDs).

Where do I see the list of databases?Where do I see the list of databases?

In your scan results, expand details for QID 19225 and look at the Results section to get the list of database names.

Sample Results:

ORACLE SID = oracle
ORACLE SID = testdb

Which technologies are supported?

For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article: 

Authentication Technologies Matrix

Important - Oracle Listener authentication is not supported for Oracle Database 11g Release 2 (11.2) and later because the Oracle Listener password feature was deprecated.


- Go to Scans > Authentication.

- Check that you already have a record defined for each host running database instances.

- Create a Oracle Listener record for the database instance. Go to New > Databases > Oracle Listener.

Enter the password for the Oracle Listener. If more than one Listener is detected on a single host, then the same password is attempted on each Listener.

Select the target hosts (IPs) to authenticate to. Multiple Oracle Listener records with different passwords may be created for each host.

We support integration with multiple third party password vaults. Just go to Scans > Authentication > Authentication Vaults and tell us about your vault system. Then choose Authentication Vault in your record and select your vault name. At scan time, we'll authenticate to hosts using the account name in your record and the password we find in your vault.

When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to. Any changes made by the Unit Manager to the record settings will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain more IPs that are not visible to the Unit Manager.


Quick Links

Why use host authentication