On Mon, 20 Jan 1997, Bradley King wrote:

> The command: dsmc -node=toto -password=toto is the only way I know,
> but it presents no particular security problem for a Unix system
> (in my opinion)

In my opinion, your opinion is wrong. Any user who specifies the -node
parameter is treated by ADSM as if he were root, no matter whether he is
root on the client machine.  A public password means that you have all your
files public.

There is no way to prevent the password visibility, although on some
Unixes, there is only a short time window where it can be read, i.e.
there is a race condition between the OS concealing the password and an
intruder's script reading it. There is, however, no need ever to use this
highly unsafe option.

The solution is:

Keep the password secret.

Do not let ordinary users log in with a node name specified; rather let
  them log in to the default node using the hidden password stored with
  the PASSWORDACCESS=GENERATE mechanism.

If there is a need to have ordinary users use more than one nodename
  from the same client, define more than one server, each with a default
  node. These servers need not be implemented as distinct ADSM servers;
  i.e. the dsm.sys entries may point to the same server.

Best regards,

Helmut Richter

==============================================================
Dr. Helmut Richter                       Leibniz-Rechenzentrum
Tel:   +49-89-289-28785                  Barer Str. 21
Fax:   +49-89-2809460                    D-80333 Muenchen
Email: Helmut.Richter AT lrz-muenchen DOT de    Germany
==============================================================