This has been discussed previously in this list.
ADSM does not send unencrypted passwords in the clear
across the network and does have
its own Kerberos-like security mechanism. There have been
instances of passwords on the command line being available,
but I believe these have been fixed or there are workarounds.
Barry Fruchtman
ADSM Development
On Fri, 21 Jul 1995, Helmut Richter wrote:
> If I understand it correctly, ADSM lacks any security feature as are common
> in client/server applications, such as Kerberos or one-way passwords. Instead,
> passwords are sent unencrypted across the network and they appear even in
> command lines despite the fact that this makes them publicly available (in
> some Unixes as long as the command is executed, in other Unixes such as AIX
> only for a short time until the process has had the opportunity to erase
> them).
>
> Question to IBM:
> Are there plans to add at least basic security features?
>
> Question to customers:
> If you have any sensible data, which additional security mechanisms do you
> apply to prevent unauthorized access to the data?
>
> Question to everybody:
> How can I start a client without making the node password public? If I use
> the password generate mechanism, the client has not the privilege to access
> all users' data for backup; if I specify the password, it shows up in the
> command line. Entering the password interactively each time is not feasible.
> (This has been a PMR (4515x) since 1993 but is still unresolved.)
>
> =============================================================================
> Dr. Helmut Richter
> Leibniz-Rechenzentrum X.400: S=Richter;OU=lrz;P=lrz-muenchen;A=d400;C=de
> Barer Str. 21 RFC822: Helmut.Richter AT lrz-muenchen DOT de
> D-80333 Muenchen Tel.: ++49-89-2105-8785
> Germany Fax: ++49-89-2809460
> =============================================================================
>
|