ADSM-L

Re: Regular output of figures from ADSM

2000-01-27 11:50:29
Subject: Re: Regular output of figures from ADSM
From: Glen Hattrup <ghattrup AT US.IBM DOT COM>
Date: Thu, 27 Jan 2000 09:50:29 -0700
Alan (and others following the security aspect)

Your first statement is very apropos.  From the feedback our marketing team
has received thus far (hint, hint :-), changing the way "security" is
implemented has not been a very high priority item.  As I'm sure all of you
can relate to with your bosses, the list of things "to do" is always much
longer than the available time allotted.  I could rattle off a list of our
current high priority items, but I feel that would be approaching whining
and kind of unnecessary.  Not to mention that it's more fun to keep people
guessing (just kidding!).

In any case, contact your marketing reps with Tivoli & specifically TSM.
Let them know what you want to see happen.  If it's an admin API, ask for
that.  If you want security within TSM / within your domain, well ask for
that as well and how you want it implemented.  If your company *really*
wants something done, offer to pay for that development.  I can assure you
that marketing is very responsive to requests placed for development items.
Just keep in mind that there is a development queue and what you're trying
to do is move your item up the line.

It is possible to change the fundamental model of TSM.  As with any
product, there are certain base assumptions that are made in order to make
the scale of the project feasible.  If the needs of the market change, then
the product model must adapt to the new requirements.

I don't mean to get up on a soapbox here.  I just realize that ADSM-L is
not the *best* forum for submitting requirements to marketing.  A few
Marketers hang out here, but the primary focus of this forum is not new
requirements.

HtH

Glen Hattrup
Tivoli Storage Manager
Server Development Team


"Alan R. White" <arw AT TIPPER.DEMON.CO DOT UK>@VM.MARIST.EDU> on 01/26/2000
03:40:41 PM

Please respond to "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>

Sent by:  "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>


To:   ADSM-L AT VM.MARIST DOT EDU
cc:
Subject:  Re: Regular output of figures from ADSM



Depends on what we mean by security here folks, or the degree with which
you wish to apply it.

You'll need to stop all other user logons to the box as while this command
is running a quick 'ps -ef' will on most unix platforms reveal the full
command line after variable substitutions, i.e. you will see the password in
clear text. Any logged on user can run this - I heard there was also an RPC
based means of running remote ps commands too (over and above the regular
rsh stuff).

In short, come on development - address some of the real issues with
adsm/tsm which give everyone a headache with mind-numbing discussions with
our internal security experts who want to stop all of what they see as
'loopholes'.

Release a documented admin API, perl library or whatever which deals with
this or a means of devolving trust for authentication to the operating
system, i.e. a bit like passwordaccess generate. Integrate some of the
server stuff with real external schedulers or embed a real scripting
language and fix the internal scheduler to understand dependencies.

Regards
Alan on a soapbox again.
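
The 'ps -ef' exposure described in the message above, as an added example that is not part of the original posts: a shell audit function that reads `ps -ef` output and reports processes whose command line carries a password argument, with the value masked. The process list is constructed, `mytool` is a hypothetical program, and the option spellings matched (`password`, `passwd`, `pw`) are an assumption.

```shell
#!/bin/sh
# Added example: flag processes whose command line exposes a password argument.

# Constructed sample of `ps -ef` output (not captured from a real system).
# `mytool` is a hypothetical program; the password values are placeholders.
sample_ps() {
cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:00 ?        00:00:01 /sbin/init
backup    4211  4200  0 09:50 ?        00:00:00 dsmadmc -id=report -password=EXAMPLE-ONLY query occupancy
alan      4300  4290  0 09:51 pts/1    00:00:00 ps -ef
oper      4402  4401  0 09:52 ?        00:00:00 mytool --user rpt --password EXAMPLE-ONLY run
EOF
}

# Reads `ps -ef` output on stdin, prints "user:pid:command" for each process
# with a password-like argument. The secret is masked so the report itself
# does not leak it. Assumes STIME is one field (processes started today).
find_exposed_secrets() {
  awk '
    NR == 1 && $1 == "UID" { next }              # skip the header row
    {
      hit = 0
      for (i = 8; i <= NF; i++) {                # command starts at field 8
        arg = tolower($i)
        if (arg ~ /^-+(password|passwd|pw)=/) {  # form: -password=VALUE
          sub(/=.*/, "=****", $i); hit = 1
        } else if (arg ~ /^-+(password|passwd|pw)$/ && i < NF) {
          $(i + 1) = "****"; hit = 1; i++        # form: --password VALUE
        }
      }
      if (hit) {
        cmd = $8
        for (i = 9; i <= NF; i++) cmd = cmd " " $i
        print $1 ":" $2 ":" cmd
      }
    }'
}

# Run against the sample; on a live host use: ps -ef | find_exposed_secrets
sample_ps | find_exposed_secrets
```

Any account that can run `ps` sees the same unmasked command lines this function reads, which is why the report masks the value before printing.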