ADSM-L

Re: Passwords for client restores

2004-08-20 12:20:27
Subject: Re: Passwords for client restores
From: "Prather, Wanda" <Wanda.Prather AT JHUAPL DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Fri, 20 Aug 2004 12:20:44 -0400

Ditto.

And you betcha, your auditors are gonna scream!

Set PASSWORDACCESS GENERATE on the client, and PASSWORD EXPIRATION LIMIT to
n days on the server (you can set 1 default, and override on an individual
client basis if needed).  Our limit is set to 90 per auditors.

You must supply the password to the client the FIRST TIME the client is
started.  It gets encrypted and saved on the client end.  (In the registry
for Windows, into a root-only dir on *IX).  Whenever the TSM code is started
on the client machine, it gets the pwd from the registry, no one is prompted
for the password.  Every n days, the password expires, the server GENERATES
a new password and sends it down to the client, gets encrypted into the
registry, etc.  So NOBODY needs to know the pwd.

To do restores to another machine, or via the web gui, as David says, you
can use your admin id and password.

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
David E Ehresman
Sent: Friday, August 20, 2004 12:02 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: Passwords for client restores


We use the Password Generate option so that if you can log onto the box
with the appropriate privs to run dsmc or dsm, you can restore without
supplying a password.  If the restore is from another box, we used an
appropriately prived admin id which eliminates the need to know the node
password.

David

>>> rod.park AT TYSON DOT COM 8/20/2004 11:40:30 AM >>>
Right now we have about 800 clients and to do a restore, the password is
the same for all clients. How are others doing this? We don't want to be in
the business of password generation/maintenance to change passwords all the
time. We also don't want just anybody being able to do a restore on any box
because the passwords are the same everywhere. We are probably going to get
hammered by auditors before long about having the same password. Any
suggestions would be appreciated.
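
Added example, not part of the original thread and not IBM's tooling: a small Python check an administrator could run over client option files (dsm.opt, or the SErvername stanzas of dsm.sys on Unix) to find nodes that are not set to PASSWORDACCESS GENERATE as the replies above recommend. The sample file, server names and password value are constructed; a stanza with no PASSWORDACCESS line is treated as the client default, PROMPT.

```python
# Constructed sample dsm.sys content for the example (not from the thread).
SAMPLE_DSM_SYS = """\
* constructed sample, three server stanzas
SErvername  tsm_prod
   PASSWORDAccess    generate
SErvername  tsm_test
   PASSWORDAccess    prompt
SErvername  tsm_old
   PASSWORD          Summer2004
"""

def _is(option, full, minimum):
    """True if option is an accepted abbreviation of full (>= minimum chars)."""
    return len(option) >= minimum and full.startswith(option)

def audit_options(text, default_stanza="(dsm.opt)"):
    """Return {stanza: [findings]} for stanzas that do not use GENERATE."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):      # blank line or comment
            continue
        parts = line.split(None, 1)
        option = parts[0].upper()                 # option names are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if _is(option, "SERVERNAME", 2):          # start of a dsm.sys stanza
            current = stanzas.setdefault(value, {})
            continue
        if current is None:                       # dsm.opt has no stanzas
            current = stanzas.setdefault(default_stanza, {})
        if _is(option, "PASSWORDACCESS", 9):
            current["access"] = value.upper()
        elif option == "PASSWORD":                # password kept in the options file
            current["cleartext"] = True
    findings = {}
    for name, opts in stanzas.items():
        access = opts.get("access", "PROMPT")     # client default when unset
        issues = []
        if access != "GENERATE":
            issues.append("PASSWORDACCESS is %s, not GENERATE" % access)
        if opts.get("cleartext"):
            issues.append("PASSWORD option stores a password in the options file")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for stanza, issues in audit_options(SAMPLE_DSM_SYS).items():
        print(stanza, "->", "; ".join(issues))
```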

