Re: Why does dsm think I am root?
Andy Raibeck wrote:
> I agree that it is not clear at all that you can use the SERVERNAME
> option to point to the same ADSM server, but with different settings
> (like NODENAME). And in general, the security issues associated with
> the ADSM UNIX clients need to be documented better, too. I will look
> into this.
The security issues raised by ADSM go beyond client operations as such.
There are a variety of concerns about hostile parties eavesdropping on
data in transit, altering data in transit, posing as a server to trick
client software into taking inappropriate actions, or posing as a client
to trick server software into taking inappropriate actions. I don't
think our ADSM installation could pass any sort of serious security
audit. I don't know whether its inability to pass such an audit is a
result of inadequate security or adequate but undocumented security.
The one piece of relevant information I have is not encouraging: IBM
doesn't think the matter important enough to warrant any discussion in
the ADSM manuals.