Re: Client login with admin id and password
2003-03-18 03:21:10
One could always export a node's data and import it on a different TSM
server. There you can change the password without anyone knowing.
-----Original Message-----
From: Paul Zarnowski [mailto:vkm AT CORNELLC.CIT.CORNELL DOT EDU]
Sent: 17 March 2003 17:54
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: Client login with admin id and password
Dwight,
What you say is true, but.... If an admin changes the node's password,
they have left tracks. They cannot change the password back to what it
was, unless they knew what it was to start with. The next time the client
goes to use TSM, they will be aware that their password was changed.
I was amazed to find out that admins could do this without leaving
tracks. This is somewhat disconcerting.
..Paul
At 09:03 AM 3/12/2003 -0800, Cook, Dwight E wrote:
>Well, since a "system privileged admin id" could change the node's password
>and then connect without using their admin id & password (use the one they
>just set it to) I can see why the straight use of their id & password would
>be allowed.
>
>Just another reason why management should pay their TSM admin's well ;-)
>
>Dwight
>
>
>
>-----Original Message-----
>From: Gerhard Rentschler [mailto:g.rentschler AT RUS.UNI-STUTTGART DOT DE]
>Sent: Wednesday, March 12, 2003 10:01 AM
>To: ADSM-L AT VM.MARIST DOT EDU
>Subject: Client login with admin id and password
>
>
>Hello,
>I always thought that a tsm admin does not have access to client data. I
>think I learned something new.
>Calling dsmc or dsm with -node=tarzan and specifying a valid admin id and
>password (system privilege) gives access to node tarzan's data. At least it
>is possible to list the files. I haven't tried to restore data. This is
>indeed documented. However, I would prefer if there were a message in the
>activity log saying that admin id was used.
>Am I wrong? Could someone explain this feature in more detail?
>
>Best regards
>Gerhard
>---
>Gerhard Rentschler email:g.rentschler AT rus.uni-stuttgart DOT de
>Regional Computing Center tel. ++49/711/685 5806
>University of Stuttgart fax: ++49/711/682357
>Allmandring 30a
>D 70550
>Stuttgart
>Germany
--
Paul Zarnowski Ph: 607-255-4757
719 Rhodes Hall, Cornell University Fx: 607-255-8521
Ithaca, NY 14853-3801 Em: psz1 AT cornell DOT edu
Any e-mail message from the European Central Bank (ECB) is sent in good faith
but shall neither be binding nor construed as constituting a commitment by the
ECB except where provided for in a written agreement.
This e-mail is intended only for the use of the recipient(s) named above. Any
unauthorised disclosure, use or dissemination, either in whole or in part, is
prohibited.
If you have received this e-mail in error, please notify the sender immediately
via e-mail and delete this e-mail from your system.
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Client login with admin id and password, Gerhard Rentschler
- Re: Client login with admin id and password, Karel Bos
- Re: Client login with admin id and password, Cook, Dwight E
- Re: Client login with admin id and password, Andrew Raibeck
- Re: Client login with admin id and password, Prather, Wanda
- Re: Client login with admin id and password, Cook, Dwight E
- Re: Client login with admin id and password, Paul Zarnowski
- Re: Client login with admin id and password, Zlatko Krastev/ACIT
- Re: Client login with admin id and password,
Baines, Paul <=
- Re: Client login with admin id and password, Paul Zarnowski
- Re: Client login with admin id and password, Andrew Raibeck
- Re: Client login with admin id and password, Prather, Wanda
- Re: Client login with admin id and password, Andrew Raibeck
- Re: Client login with admin id and password, Prather, Wanda
- Re: Client login with admin id and password, Rushforth, Tim
- Re: Client login with admin id and password, Prather, Wanda
- Re: Client login with admin id and password, Baines, Paul
|
|
|