==> On Thu, 10 Nov 2005 12:59:43 +0100, Daniel Sparrman <Daniel.Sparrman AT 
EXIST DOT SE> said:


> The use of LDAP authentication would be a very neat feature. Imagine you
> could handle backup/restore authentication and admin authentication from the
> same repository you handle all other security authentications. That would
> make the security management a whole lot easier, especially in larger sites
> where you might have different departments handling
> backup/restore/administration of different servers / groups of servers.

> I'm aware the above is still technically possible today, but imagine
> handling 50-60 user accounts(not node admin accounts, but user accounts) in
> the way TSM does . Just cause you're a storage administrator it doesnt mean
> you'd like to become a user administrator aswell ;)



Amen.

I entirely agree that, when external authentication becomes an option it
should be available on a per-user basis.  When we're doing site recovery and
haven't got the authentication service up yet, we can set our critical TSM
admins to authenticate locally as is happening now.

But I've got several dozen "Local" TSM admins, and explaining to new ones why
this "Enterprise service" can't use our campuswide single sign on is my least
favorite part of the "So you're doing TSM..." dog-and-pony show.


- Allen S. Rout