Hi Steve. It's still an island, although there seems to be a bit of a
causeway on the horizon. The ISC-AC v6.1 security makes one hope that the
causeway might lead to LDAP.

Joerg Pohlmann
250-245-9863


"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 2009-08-04
17:43:21:

> Great information Jeorg, thanks
>
> One issue that I found with older versions of ISC was that there seemed
> to be no easy way to preserve/copy/update the ISC security information.
> It was its own island and I also found it for the most part
> incomprehensible.  That may just be because I did not take the time to
> fully understand the security model, but hey, I'm a backups guy not a
> security guy.
>
> Has ISC Security improved with later versions, and can it easily be
> copied/preserved through ISC updates or integrated with other standard
> security products/unix security/ldap/windows AD or is it still its own
> island?
>
> Thanks
>
> Steve.
>
> TSM Admin, between jobs, Sydney
>
>
> Joerg Pohlmann wrote:
> > Here is a suggestion for proper auditability of ISC-AC based TSM
> > administration:
> >
> > 1) create an ISC ID for each TSM administrator
> > 2) create a TSM admin ID for each TSM administrator and grant auth ...
> > cl=sys
> > 3) have each TSM administrator add their server connection on the ISC
> > (under "Manage Servers" on the ISC-AC v6.1) using their TSM admin ID
> > 4) lock admin ADMIN
> > 5) remove the server connection from the ISC ID iscadmin
> >
> > You now have an auditable trail in the activity log of "who did what".
> >
> > Joerg Pohlmann
> > 250-245-9863
> >
> >
> > "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 2009-07-30
> > 12:53:22:
> >
> >
> >> Is there any log in the ISC/AC (ICS 6.01 and AC 5.5) that would show
me
> >>
> > who
> >
> >> logged on from where at a particular time? I have a client (inherited)
> >>
> > That
> >
> >> has people all using the ADMIN userid and some's been updating
schedules
> >>
> > and
> >
> >> completely mucking up the works. From the activity log I can trace the
> >> commands down to user ADMIN coming from the ISC IP address. Now I just
> >>
> > need
> >
> >> to find out who logged in to that. They all also use the ISCADMIN
userid
> >>
> > for
> >
> >> that..again inherited. If I can find out the IP address of who logged
on
> >>
> > to
> >
> >> the ISC.I'll be 1 more step along the path to find this joker. Maybe
the
> >>
> > WAS
> >
> >> component has a log somethere?
> >>
> >>
> >>
> >> Any help will be greatly appreciated.as I move them to individual
userids
> >> for both TSM and ISC.
> >>
> >>
> >>
> >> Bill Boyer
> >>
> >> "He who laughs last probably made a back-up." Murphy's law of
computing
> >>
------------------------------------------------------------------------
> >>
> >>
> >> No virus found in this incoming message.
> >> Checked by AVG - www.avg.com
> >> Version: 8.5.392 / Virus Database: 270.13.44/2282 - Release Date:
> 08/04/09 18:01:00
> >>
> >>