On 16 feb 2011, at 18:49, Robert Clark wrote:
> It is hard to argue that the default isn't good practice.
>
setting tcpadminport to something different from the tcppport, and setting
adminonclientport to no allows you to prevent unauthorized access to tsm admin
interface via a firewall. Since the non-ssl admin interface sends the passwords
in plain text, this might be a very good idea. Also, in those cases where your
TSM server needs to be reachable from a more or less untrusted network, this
provides an increased level of security.
Thus, there are plenty of reasons not to use the default, and some are very
easy to defend. Having said that, this all might or might not apply to your
environment.
> Thanks,
> [RC]
--
Met vriendelijke groeten/Kind Regards,
Remco Post
r.post AT plcs DOT nl
+31 6 248 21 622
|