ADSM-L

Re: Password Management

2005-05-02 15:57:16
Subject: Re: Password Management
From: Richard Sims <rbs AT BU DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 2 May 2005 15:56:55 -0400
Andrew -

I don't know what your environment is or how your restorals are
invoked, but if Unix, a relatively simple expedient would be to put the
sensitive stuff inside a Perl or C executable which would be invoked
via sudo and thereby perform the 'dsmc'. The executable would otherwise
have no read access to other than root, so no peeking inside, where
there would be one super-duper password or a table of passwords per
node (or you could implement a hashed database). Proper evaluation of
its invocation args will prevent security problems. The sudo log will
record usage.

   Richard Sims

On May 2, 2005, at 2:59 PM, Andrew Carlson wrote:

This is a little embarrassing, so bear with me.  Since day one, with ADSM
on the mainframe, we have used a password that matches the nodename.
Yes, I know, not very secure.

In our environment, we have a help desk that does restores, as well as a
number of admins that end up doing restores that the help desk cannot
handle.  We currently have almost 900 nodes.  How do you all manage your
passwords?

The ideas we came up with are:

A standard, but secret password for all nodes - dangerous if someone
gets it, they have access to all servers.  Also, if it's changed
periodically, we have to touch all the servers.

A separate password per node, but not tied to the nodename.  This would
require a protected password list stored somewhere for the people doing
restores to access.

Thanks for any input on this.

--

Andy Carlson - Senior Technical Specialist
BJC Healthcare
---------------------------------------------------------------------------
Gamecube:$150,PSO:$50,Broadband Adapter: $35, Hunters License: $8.95/month,
The feeling of seeing the red box with the item you want in it:Priceless.
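
The sudo-invoked wrapper suggested in the reply above, as an added example that is not code from the thread: it evaluates its invocation arguments, looks up the per-node password in a root-only table, and only then runs 'dsmc'. The table path and its NODE:password format, the /usr/bin/dsmc location, and the exact dsmc command line built here are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define PWTABLE "/etc/tsm/node_pw.tab" /* assumed path; root-owned, mode 0600 */

/* Node name: 1-64 chars of [A-Za-z0-9_.-]; a leading '-' would read as an option. */
int valid_node(const char *s) {
    if (!*s || *s == '-' || strlen(s) > 64) return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && !strchr("_.-", *s)) return 0;
    return 1;
}

/* Restore target: absolute path, no control characters, no ".." component. */
int valid_path(const char *p) {
    if (p[0] != '/' || strlen(p) >= 1024) return 0;
    for (const char *c = p; *c; c++)
        if (iscntrl((unsigned char)*c)) return 0;
    for (const char *c = p; (c = strstr(c, "/..")) != NULL; c += 3)
        if (c[3] == '/' || c[3] == '\0') return 0;
    return 1;
}

/* Exact-match lookup of "NODE:password" lines; fills out and returns 1 on a hit. */
int lookup_pw(FILE *tab, const char *node, char *out, size_t outlen) {
    char line[256]; size_t nlen = strlen(node);
    while (fgets(line, sizeof line, tab)) {
        line[strcspn(line, "\r\n")] = '\0';
        if (strncmp(line, node, nlen) || line[nlen] != ':') continue;
        if (strlen(line + nlen + 1) >= outlen) return 0;
        strcpy(out, line + nlen + 1);
        return 1;
    }
    return 0;
}

int main(int argc, char **argv) {
    char pw[128], vn[96], pwopt[160];
    if (argc != 3 || !valid_node(argv[1]) || !valid_path(argv[2])) return 2;
    FILE *tab = fopen(PWTABLE, "r");
    int ok = tab && lookup_pw(tab, argv[1], pw, sizeof pw);
    if (tab) fclose(tab);  /* keep the table's descriptor out of dsmc */
    if (!ok) return 1;
    snprintf(vn, sizeof vn, "-virtualnodename=%s", argv[1]);
    snprintf(pwopt, sizeof pwopt, "-password=%s", pw);
    char *args[] = {"dsmc", "restore", argv[2], vn, pwopt, NULL};
    char *env[] = {"PATH=/usr/bin:/bin", NULL};  /* drop the caller's environment */
    execve("/usr/bin/dsmc", args, env);  /* assumed client location */
    return 1;
}
```

Passing the password as a dsmc argument can expose it in the process list to other local users while the restore runs; the argument checks and the table lookup do not depend on how the password is handed over.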
