ADSM-L

Re: Client login with admin id and password

2003-03-18 12:05:30
Subject: Re: Client login with admin id and password
From: "Prather, Wanda" <Wanda.Prather AT JHUAPL DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 18 Mar 2003 12:04:23 -0500
Andy,

ANR0406 just shows the nodename for the client:
03/18/2003 11:51:39  ANR0406I Session 70211 started for node PRATHW1 (WinNT)
                      (Tcp/Ip 128.244.81.137(1160)).

When I access data from another machine (not my own) using dsm
-virtualnodename and override the client's password with my admin id, the
text for ANR0406 STILL just shows the nodename:

03/18/2003 11:51:39  ANR0406I Session 70211 started for node XNBOSS (WinNT)
                      (Tcp/Ip 128.244.81.137(1160)).

You can't see that I (as administrator) accessed the data from that node and
restored it to my own machine, thereby gaining access to data I normally
don't have the rights to see.

I think that's why people who have to comply with the new hPPA (? I don't
remember the exact acronym) privacy laws are concerned about auditing for
this access.

But then I'm still at 4.2.1.15. Is it different in 5.1?



-----Original Message-----
From: Andrew Raibeck [mailto:storman AT US.IBM DOT COM]
Sent: Tuesday, March 18, 2003 10:38 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: Client login with admin id and password


TSM does leave some footprints. Refer to messages ANR0406I and ANR1639I.

With that said, I suppose that TSM could be made even more secure (at the
cost of flexibility), but I would say that this falls into the area of
"requirement", not "defect".

Regards,

Andy

Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.eyebm DOT com (change eye to i to reply)

The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.




Gerhard Rentschler <g.rentschler AT RUS.UNI-STUTTGART DOT DE>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
03/18/2003 08:11
Please respond to "ADSM: Dist Stor Manager"


        To:     ADSM-L AT VM.MARIST DOT EDU
        cc:
        Subject:        Re: Client login with admin id and password



Hello,
> IMHO, the TSM server really needs to leave better tracks for this type of
> activity.
>
> ..Paul
that's what I would like to have. In Germany we have a law which requires
that access to data which is related to individuals must be restricted and
logged. That means that on request it should be possible to tell who
accessed the data. With TSM this is not possible. Is it possible to open a
PMR on this ground?
Best regards
Gerhard
---
Gerhard Rentschler            email:g.rentschler AT rus.uni-stuttgart DOT de
Regional Computing Center     tel.   ++49/711/685 5806
University of Stuttgart       fax:   ++49/711/682357
Allmandring 30a
D 70550
Stuttgart
Germany
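
Added example (not part of any message in this thread, and not IBM code): because the ANR0406I entries quoted above record the node name and source address but not the administrator ID, one partial audit lead is to flag addresses that open sessions under more than one node name. The sample log is constructed in the layout of the quoted entries; sessions 70198 and 70215, the function names, and the premise that one address normally maps to one node are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the ANR0406I entries quoted in the thread
# (each entry wraps onto a second line). Sessions 70198 and 70215 are made up.
SAMPLE_ACTLOG = """\
03/18/2003 11:40:02  ANR0406I Session 70198 started for node PRATHW1 (WinNT)
                      (Tcp/Ip 128.244.81.137(1158)).
03/18/2003 11:51:39  ANR0406I Session 70211 started for node XNBOSS (WinNT)
                      (Tcp/Ip 128.244.81.137(1160)).
03/18/2003 11:55:10  ANR0406I Session 70215 started for node XNBOSS (WinNT)
                      (Tcp/Ip 192.0.2.25(1044)).
"""

ANR0406I = re.compile(
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) ANR0406I Session (?P<session>\d+) "
    r"started for node (?P<node>\S+) \((?P<platform>[^)]*)\) "
    r"\(Tcp/Ip (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\((?P<port>\d+)\)\)"
)

def parse_sessions(actlog_text):
    """Return one dict per ANR0406I entry, tolerating the wrapped second line."""
    flat = " ".join(actlog_text.split())  # collapse line wraps and padding
    return [m.groupdict() for m in ANR0406I.finditer(flat)]

def shared_sources(sessions):
    """Map source address -> node names, for addresses seen under more than one node."""
    nodes_by_ip = defaultdict(set)
    for s in sessions:
        nodes_by_ip[s["ip"]].add(s["node"])
    return {ip: sorted(nodes) for ip, nodes in nodes_by_ip.items() if len(nodes) > 1}

def sessions_to_review(sessions):
    """Sessions from a shared address. A lead only: DHCP reuse, NAT or a host that
    legitimately runs several nodes produce the same pattern, and the entry
    still does not say which ID authenticated."""
    shared = shared_sources(sessions)
    return [s for s in sessions if s["ip"] in shared]

if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE_ACTLOG)
    for ip, nodes in shared_sources(parsed).items():
        print(f"{ip} opened sessions as: {', '.join(nodes)}")
    for s in sessions_to_review(parsed):
        print(f"  review {s['ts']} session {s['session']} node {s['node']}")
```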