Another security issue might be that id/pass specified on the command line
shows up in "ps -ef" output. According to TSM docs if a malicious user is
able to obtain the TSM node_id/password this is roughly equvalent to break
of root password. In fact he/she can restore to another node part or the
whole system data.
On a multi-user node this can really be a problem.
So "passwordaccess generate" or piping the input are better solutions.

Zlatko Krastev
IT Consultant





David McClelland <DAVIDMCCLELLAND AT UK.IBM DOT COM> on 04.10.2001 11:56:02
Please respond to "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
To:     ADSM-L AT VM.MARIST DOT EDU
cc:

Subject:        Re: Ask again.

Dwight,

I guess it just depends upon whether you might have a security concern with
hard coding passwords into scripts - this will also cause a problem when a
password expires on the server (the period of which can be set of course)
afterwhich you'll either have to update your password in each one of your
scripts or on your server. It all comes down to how stringent your security
regulations are I guess... With 'passwordaccess generate' in your dsm.sys
you'll never have to faff about again!

Rgds,

David McClelland
---------------------------
Tivoli Storage Management Team
Tivoli Storage Management Team
IBM EMEA Technical Centre,
Internet: davidmcclelland AT uk.ibm DOT com



Please respond to "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>

Sent by:  "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>


To:   ADSM-L AT VM.MARIST DOT EDU
cc:
Subject:  Re: Ask again.



just add the
        -pass=blah
to your dsmc incr and it shouldn't ask for the id...
        dsmc incr -pass=blah <somedir>
now this would be with passwordaccess prompt which is what we run our unix
clients with...

Dwight