ADSM-L

Re: Password Management

2005-05-02 15:42:44
Subject: Re: Password Management
From: Laurent Bendavid <bendavid.laurent AT FREE DOT FR>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 2 May 2005 21:42:11 +0200
Andrew Carlson wrote:

This is a little embarassing, so bear with me.  Since day one, with
ADSM on
the mainframe, we have used a password that matches the nodename.  Yes, I
know, not very secure.

In our environment, we have a help desk that does restores, as well as a
number of admins that end up doing restores that the help desk cannot
handle.  We currently have almost 900 nodes.  How do you all manage your
passwords?

The ideas we came up with are:

A standard, but secret password for all nodes - dangerous if someone
gets it, they have access to all servers.  Also, if it's changed
periodically, we have to touch all the servers

A separate password per node, but not tied to the nodename.  This would
require a protected password list stored somewhere for the people doing
restores to access.

Thanks for any input on this.

--

Andy Carlson - Senior Technical Specialist
BJC Healtcare
---------------------------------------------------------------------------

Gamecube:$150,PSO:$50,Broadband Adapter: $35, Hunters License:
$8.95/month,
The feeling of seeing the red box with the item you want in it:Priceless.


An other way is to have a computed password for your TSM nodes and use
the privilege NODE for your help-desk. In my company, we use a script
that synchronize LDAP Group for admin / operator / help-desk with TSM
admin and privilege. Every day, the script update TSM privilege and add
/ delete TSM admin. So each help-desk people connect with his logon to
TSM nodes.

<Prev in Thread] Current Thread [Next in Thread>