On Tue, 27 May 2003, Stapleton, Mark wrote:

>One of the nice things about how Tivoli has handled TSM is that the
>authentication system is *exactly* the same, no matter what the server
>and client OS platforms may be. The same can be said for the interfaces
>and the way administration is performed. Inserting something like
>Kerberos into the mix would mean you'd have to make it work for all
>platforms that the TSM server supports--including MVS, OS/400, and
><shudder> Windows.

I'm not suggesting that Kerberos should be required for use in
TSM, just that it would be nice if TSM supported it. Having said
that, though, we have a mixed Unix/PC/Macintosh environment, and
we support Kerberos on all of these platforms. With Win2K, it's
essentially built-in to the OS, so I should think that that would
be the platform with the least worries. As far as support for
other platforms, Kerberos runs on all of the server platforms
that the most recent versions of Tivoli Storage Manager supports:
Windows NT/2000, AIX, HP-UX, Solaris, MVS/OS390, and Linux. And
the good bit is that all of those Kerberos implementations share
a common API, so it should not involve much coding to make it
work on all of the platforms.

>There are ways of scripting TSM tasks that can sidestep the clear text
>stuff, much the same as the ways you script FTP sessions without putting
>passwords where users can gefingerpoken.

True. I was merely suggesting that using Kerberos could
solve the problem in a conventional and secure manner.

 -- Tom

Thomas A. La Porte, DreamWorks SKG
<mailto:tlaporte AT anim.dreamworks DOT com>