On Mon, 20 Jan 1997 08:54:21 -0600 LAbbinante said:
>I thought that this would be a problem also, but you can code a USERS
>parm in the dsm.sys file and only allow certain users to invoke the
>software.  So, if you know the password but aren't an authorized user,
>the password is really useless.

Unless they install there own copy of the software with their own set
of users on the USERS parm.
I suspect that the temp answer to this one is to use the password generate
option. This stores the password encrypted in a file. The line mode client
uses this file to supply the password. You can then use the unix acl or other
security services to secure the password file.
The long term solution would be to tie the security into the user's logon.
Instead of using a password per node. Have a password per user per node.
Then in the logon procedure for unix get a security
token for adsm use also.


>Another thing you could do, which is kind of a haphazard fix, is place
>the ADSM software in a deep subdirectory, (much like the AIX install
>dir of /usr/lpp/adsm/bin).  What happens, I've found, is that the
>command is too long for the 'grep dsmc' to pick up the password, that
>usually occurs at the end.  So your password is not revealed.  Just a
>couple of ideas....
>----------
>From: ADSM-L(a)VM.MARIST.EDU; jldw(a)CLI58AS.DER.EDF.FR
>To: ADSM-L(a)VM.MARIST.EDU
>Subject: Password visibility in the client command line
>Date: Monday, January 20, 1997 8:06AM
>
>If a user issue the following command:
>dsmc -node=<nodename> -pass=<secret password>
>all other users are able to see his password with a command like:
>ps -edf | grep dsmc.
>It seems to bee a real problem of security for us.
>Can anyone help me to find a way to enter a real secret password at the
>CLI command line
>when I use the -node option?
>        JLDW