Subject: Re: Client login with admin id and password
From: Paul Zarnowski <vkm AT CORNELLC.CIT.CORNELL DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 18 Mar 2003 09:47:56 -0500

Zlatko,
What you say is of course true, but in many environments, the TSM
administrator is not assumed to have root access to all of the systems that
are backed up into TSM.  This security "feature" is not akin to having root
access on a system.  Rather, it is akin to having root access to ALL
systems backed up into a TSM server.  Not the same thing at all in many
environments.

Paul Baines said:
One could always export a node's data and import it on a different TSM
server. There you can change the password without anyone knowing.

This is also true, and I did think of that, but an export would leave
tracks in the actlog on the source TSM server.

IMHO, the TSM server really needs to leave better tracks for this type of
activity.

..Paul

At 03:35 AM 3/18/2003 +0200, Zlatko Krastev/ACIT wrote:
Paul,

if I am UNIX root I would be able to perform "su <user>" and act on his
behalf. I fully agree with you that TSM ought to provide some kind of
logging in this case (just to write in actlog admin's name instead of node
ought to be enough). OTOH going back to UNIX I can edit the /var/adm/sulog
file.

Zlatko Krastev
IT Consultant

Paul Zarnowski <vkm AT CORNELLC.CIT.CORNELL DOT EDU>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
17.03.2003 18:53
Please respond to "ADSM: Dist Stor Manager"


To: ADSM-L AT VM.MARIST DOT EDU
cc:
Subject: Re: Client login with admin id and password


Dwight,

What you say is true, but....  If an admin changes the node's password,
they have left tracks.  They cannot change the password back to what it
was, unless they knew what it was to start with.  The next time the client
goes to use TSM, they will be aware that their password was changed.

I was amazed to find out that admins could do this without leaving
tracks.  This is somewhat disconcerting.

..Paul

At 09:03 AM 3/12/2003 -0800, Cook, Dwight E wrote:
>Well, since a "system privileged admin id" could change the node's password
>and then connect without using their admin id & password (use the one they
>just set it to) I can see why the straight use of their id & password would
>be allowed.
>
>Just another reason why management should pay their TSM admins well ;-)
>
>Dwight
>
>
>
>-----Original Message-----
>From: Gerhard Rentschler [mailto:g.rentschler AT RUS.UNI-STUTTGART DOT DE]
>Sent: Wednesday, March 12, 2003 10:01 AM
>To: ADSM-L AT VM.MARIST DOT EDU
>Subject: Client login with admin id and password
>
>
>Hello,
>I always thought that a tsm admin does not have access to client data. I
>think I learned something new.
>Calling dsmc or dsm with -node=tarzan and specifying a valid admin id and
>password (system privilege) gives access to node tarzan's data. At least it
>is possible to list the files. I haven't tried to restore data. This is
>indeed documented. However, I would prefer if there were a message in the
>activity log saying that admin id was used.
>Am I wrong? Could someone explain this feature in more detail?
>
>Best regards
>Gerhard
>---
>Gerhard Rentschler            email:g.rentschler AT rus.uni-stuttgart DOT de
>Regional Computing Center     tel.   ++49/711/685 5806
>University of Stuttgart       fax:   ++49/711/682357
>Allmandring 30a
>D 70550
>Stuttgart
>Germany


--
Paul Zarnowski                         Ph: 607-255-4757
719 Rhodes Hall, Cornell University    Fx: 607-255-8521
Ithaca, NY 14853-3801                  Em: psz1 AT cornell DOT edu

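The thread's complaint is that an admin using a node's data directly leaves no track, while the two workarounds it names (resetting the node password, or exporting the node) do leave tracks in the activity log. The script below is an added illustration of what a defender can still audit today; it is not code from the list, from IBM or from any poster. It assumes a simplified "date time message-id text" actlog layout, the message numbers ANR2017I (admin issued command) and ANR0406I (node session started) as I recall them, and a constructed set of sample lines; any real deployment would need the parser adjusted to the actual QUERY ACTLOG output.

```python
import re
from datetime import datetime, timedelta

# Constructed sample activity-log lines (not real TSM output). The line layout,
# the message ids and the password redaction shown here are all assumptions.
SAMPLE_ACTLOG = """\
03/18/2003 08:55:12 ANR2017I Administrator PAUL issued command: QUERY NODE TARZAN
03/18/2003 08:57:40 ANR2017I Administrator PAUL issued command: UPDATE NODE TARZAN PASSWORD=***
03/18/2003 09:02:03 ANR2017I Administrator PAUL issued command: EXPORT NODE TARZAN FILEDATA=ALL DEVCLASS=LTO
03/18/2003 09:10:44 ANR0406I Session 1234 started for node TARZAN (AIX) (Tcp/Ip 10.0.0.5(1501))
03/18/2003 09:30:00 ANR2017I Administrator OPS issued command: QUERY SESSION
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<msgid>ANR\d{4}[IWESD]) (?P<text>.*)$"
)
# Assumed wording of the "admin issued command" and "session started" messages.
ADMIN_CMD_RE = re.compile(r"^Administrator (?P<admin>\S+) issued command: (?P<cmd>.+)$")
NODE_SESSION_RE = re.compile(r"^Session (?P<sess>\d+) started for node (?P<node>\S+)")


def parse_actlog(text):
    """Yield one record per well-formed line; anything else is skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%Y %H:%M:%S")
        yield {"ts": ts, "msgid": m["msgid"], "text": m["text"]}


def classify_admin_command(cmd):
    """Return ("password_change", node), ("export", node) or None for one command string.

    UPDATE NODE is only interesting when a PASSW... keyword is present (TSM accepts
    abbreviated keywords, hence the prefix match); EXPORT NODE always is.
    """
    tokens = cmd.split()
    if len(tokens) < 3:
        return None
    verb = " ".join(tokens[:2]).upper()
    node = tokens[2].upper()
    if verb == "UPDATE NODE" and any(t.upper().startswith("PASSW") for t in tokens[3:]):
        return ("password_change", node)
    if verb == "EXPORT NODE":
        return ("export", node.split(",")[0])  # a node list is possible; first name is enough
    return None


def audit_actlog(text, window=timedelta(hours=1)):
    """Return findings in log order.

    Flags every admin password reset or export of a node, and additionally any node
    session that starts within `window` of an admin resetting that node's password,
    which is the pattern Dwight describes (reset, then connect with the new password).
    """
    findings = []
    recent_changes = {}  # node -> (timestamp of reset, admin who issued it)
    for rec in parse_actlog(text):
        m = ADMIN_CMD_RE.match(rec["text"])
        if m:
            classified = classify_admin_command(m["cmd"])
            if classified:
                kind, node = classified
                findings.append({"kind": kind, "admin": m["admin"], "node": node, "ts": rec["ts"]})
                if kind == "password_change":
                    recent_changes[node] = (rec["ts"], m["admin"])
            continue
        s = NODE_SESSION_RE.match(rec["text"])
        if s:
            node = s["node"].upper()
            if node in recent_changes and rec["ts"] - recent_changes[node][0] <= window:
                findings.append({
                    "kind": "session_after_password_change",
                    "admin": recent_changes[node][1],
                    "node": node,
                    "ts": rec["ts"],
                })
    return findings


if __name__ == "__main__":
    for f in audit_actlog(SAMPLE_ACTLOG):
        print(f"{f['ts']:%Y-%m-%d %H:%M:%S} {f['kind']:30} node={f['node']} admin={f['admin']}")
```

The limitation is exactly the one the thread raises: a session opened with an admin id against a node looks, in this sample format, like any other node session, so the correlation rule only catches the noisier variants (password reset, export). Pairing the session's source address with the node's known client address is the other check available from the same log, and it too depends on the session message carrying the address.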