non-expirable password

P

pbourdag

ADSM.ORG Member
Joined
Apr 24, 2008
Messages
10
Reaction score
0
Points
0
Hi guys,

I want to set some of my clients to non-expirable mode (pass expp=0 or maybe a big value like 9999). All those client are set : passwordaccess generate.

The problem is : our security rule say that I can't set a client N-E if someone know the password.

So this is my problem... I'm unable to respect this rule.

My first try was :

update admin client1 password pass exp=9999
update node client1 password pass exp=9999
Go on the client and make the first connection to create the TSM.PWD file.
update admin client1 forcep=yes
update node client1 forcep=yes


On the first client connect, it seem to only update the node (I see that in dsmadmc q admin and q node).

If I return on the client and remove the passwordaccess generate and try to connect, the original password still works.

Someone can help me on that one?

Spaces in some argument are to bypass censure ;)
 
Last edited:
Setting the password expiration parameter to a value of 0 means that the password (once set) will never expire.

After initial contect due to the PASSWORDACCESS GENERATE option, the password will be encrypted and saved in TSM.PWD (in the registry for Windows).

But the initial password will not change. This will change if the FORCEPwreset parameter is set to YES. Or you can use "set password". Than, due to PASSWORDACCESS GENERATE a new password will be generated, unknown to the user.

Take a look at the help of a 'register node'.
 
Last edited:
Ok.. Thanks for your answer.

Now, when a client's password is expired and this client try to connect, TSM tell him that is password is expired and offer to him to change his password and let him connect to TSM.

I want that a client who is password is expired CAN'T connect to TSM.

How can I do that?
 
When you want a node which password is expired not to be able to reconnect to TSM, you must disable the generation of a new password by removing the PASSWORDACCESS GENERATE line from dsm.sys/dsm.opt.

Now, when a password is expired a TSM administrator is needed to update the password for this node on the TSM server.
 
Tks for your answer.


I've found my problem :

A client who is in "password generate" mode use the nodename to connect to server.

But, a client who is'nt in "password generate" mode use the adminname to connect to server.

So, if I update the password and forcepasswordchange a client (node AND admin), the next time that the client will connect using password generate, it will change his nodename password, but will not change his adminname password.

The nodename password is now unknown (which is good). But, the known admin name still can be used if you remove the "password generate" option (which is very bad in my case).
 
You must log in or register to reply here.

Data Privacy Impact Assessment

Compliance Assurance in Every Byte: Discover the Impact of Our DPIA Services.

Sponsor ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

Navigation Menu

Forums
   IBM TSM
   EMC Backup and Recovery
   Symantec NetBackup  
   SAN  
   NAS
   Platforms / OS
Mailing List Archives
   ADSM-L
User Groups

NordVPN 3 Months FREE

Help Support ADSM.ORG and Get NordVPN with 64% Off and 3 Months FREE.

NordVPN with 64% off + 3 months FREE

Forum statistics

Threads
31,975
Messages
135,450
Members
21,953
Latest member
jrogers
Back
Top