ADSM-L

Re: password encryption

2003-02-19 20:02:11
Subject: Re: password encryption
From: Andrew Raibeck <storman AT US.IBM DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Wed, 19 Feb 2003 18:01:33 -0700
To clarify my earlier response on this:

The (encrypted) password is not actually sent between client and server,
except when the password is being changed. During authentication, the
client sends the server a message that is encrypted using the password as
the key. The server knows what the decrypted message should be, so if the
wrong password was used to encrypt the message, then the authentication
will fail.

Regards,

Andy

Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.eyebm DOT com (change eye to i to reply)

The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.




Andrew Raibeck/Tucson/IBM@IBMUS
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
02/19/2003 14:56
Please respond to "ADSM: Dist Stor Manager"


        To:     ADSM-L AT VM.MARIST DOT EDU
        cc:
        Subject:        Re: password encryption



The password is indeed encrypted.

Regards,

Andy

Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.eyebm DOT com (change eye to i to reply)

The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.




"Prather, Wanda" <Wanda.Prather AT JHUAPL DOT EDU>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
02/19/2003 14:40
Please respond to "ADSM: Dist Stor Manager"


        To:     ADSM-L AT VM.MARIST DOT EDU
        cc:
        Subject:        Re: password encryption



I've always been told that the password is NOT sent in plain text, it's
encrypted.
(but I've never had a sniffer to check it myself).

-----Original Message-----
From: Eliza Lau [mailto:lau AT VTCAT.CC.VT DOT EDU]
Sent: Wednesday, February 19, 2003 10:36 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: password encryption


Does anyone know how the stored password on the client machine is passed
to the server for authentication?

The user has 'password generate' in his dsm.opt.  The password is stored
in the Registry of his Windows 2000 client.  When the TSM client starts
is the password sent to the server in plain text or encrypted?

Thanks,
Eliza Lau
Virginia Tech Computing Center
1700 Pratt Drive
Blacksburg, VA 24060

<Prev in Thread] Current Thread [Next in Thread>