ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

How do you secure the passwd in a TSM admin command run a via batch script

2002-02-13 15:51:46
Subject: How do you secure the passwd in a TSM admin command run a via batch script
From: StorageGroupAdmin StorageGroupAdmin <StorageGroupAdmin AT SYDNEYWATER.COM DOT AU>
Date: Thu, 14 Feb 2002 07:48:58 +1000 
I would like to run a UNIX script that issues a series of TSM commands
that require  SYSTEM access rights ( DEFINE MACHINE & INSERT MACHINE).

The problem I have is that I am forced to have a TSM ID and PASSWD
within the script or in an input file therefore accessible to a
multitude of people.

Firstly, I have trouble understanding why these two commands require
SYSTEM access.

Secondly,  I would like to see the TSM security  re-worked so that
either;
specific functions could be added and removed from the generic access
class as required (ie Operator could be extended to allow the INSERT
MACHINE cmd).

OR

An individual users access could be extended to include / exclude
commands.

For those with mainframe / DFSMShsm knowledge, what I am imagining here
is that a PATCH like command that could be applied to the aplication to
redefine the required access.


Since the TSM developers also read this discussion group I am hoping
enough people will agree and comment as such so to plant the seed of
thought with the developers.


I also would appreciate if anyone could suggest a method to secure the
password from prying eyes. I can only think of making the file hidden
but that has it's own problems.


I imagine that similar situations will become more common place as task
dependancies on separate server grow and the scheduling of tasks must be
removed from the specific application (such as TSM) to a centralised
scheduling system.   For example, a file must successfully be written on
server A before the TSM backup starts.



Peter Griffin
Sydney Water


-----------------------------------------------------------
This e-mail is solely for the use of the intended recipient
This e-mail is solely for the use of the intended recipient
and may contain information which is confidential or
privileged. Unauthorised use of its contents is prohibited.
If you have received this e-mail in error, please notify
the sender immediately via e-mail and then delete the
original e-mail.
-----------------------------------------------------------
=========================================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Backup Sets for Long Term Storage, Mr. Lindsay Morris
Next by Date:  Re: AIX startup script location?, Justin Bleistein
Previous by Thread:  TDP FOR DOMINO DOES NOT CONNECT TO DOMINO, Craig Corder
Next by Thread:  Re: How do you secure the passwd in a TSM admin command run a via batch script, Mr. Lindsay Morris
Indexes:  [Date] [Thread] [Top] [All Lists]