On Mon, 20 Jan 1997, Bradley King wrote:
> The command: dsmc -node=toto -password=toto is the only way I know,
> but it presents no particular security problem for a Unix system
> (in my opinion)
In my opinion, your opinion is wrong. Any user who specifies the -node
parameter is treated by ADSM as if he were root, no matter whether he is
root on the client machine. A public password means that you have all your
files public.
There is no way to prevent the password visibility, although on some
Unixes, there is only a short time window where it can be read, i.e.
there is a race condition between the OS concealing the password and an
intruder's script reading it. There is, however, no need ever to use this
highly unsafe option.
The solution is:
Keep the password secret.
Do not let ordinary users log in with a node name specified; rather let
them log in to the default node using the hidden password stored with
the PASSWORDACCESS=GENERATE mechanism.
If there is a need to have ordinary users use more than one nodename
from the same client, define more than one server, each with a default
node. These servers need not be implemented as distinct ADSM servers;
i.e. the dsm.sys entries may point to the same server.
Best regards,
Helmut Richter
==============================================================
Dr. Helmut Richter
Leibniz-Rechenzentrum
Barer Str. 21
D-80333 Muenchen, Germany
Tel: +49-89-289-28785
Fax: +49-89-2809460
Email: Helmut.Richter AT lrz-muenchen DOT de
==============================================================
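As an added illustration of the dsm.sys layout the message recommends (this is not from the original post; the server address, port, stanza and node names are placeholders I made up), two server stanzas point at the same ADSM server, each with its own default node, so ordinary users select a node with -servername and never put -node or -password on the command line:

```text
* dsm.sys (constructed example; address, port, stanza and node names are placeholders)
* Both stanzas reach the SAME ADSM server; only the default NODEname differs.

SErvername  adsm_users
   COMMmethod         TCPip
   TCPServeraddress   adsm.example.org
   TCPPort            1500
   NODEname           wsusers
* password is kept encrypted on disk, never typed or passed on the command line
   PASSWORDAccess     generate

SErvername  adsm_projects
   COMMmethod         TCPip
   TCPServeraddress   adsm.example.org
   TCPPort            1500
   NODEname           wsprojects
   PASSWORDAccess     generate

* dsm.opt: stanza used when dsmc is started without -servername
SErvername  adsm_users
```

With PASSWORDACCESS generate, root runs `dsmc query session -servername=adsm_projects` once per stanza to enter and store that node's password; afterwards a user runs `dsmc -servername=adsm_projects` and nothing secret appears in the process list.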