ADSM-L

Re: client schedule security question

1997-04-03 14:40:59
Subject: Re: client schedule security question
From: Tom Denier <tom AT STAFF.UDC.UPENN DOT EDU>
Date: Thu, 3 Apr 1997 14:40:59 -0500

Steven P Roder wrote:
>
> On Thu, 3 Apr 1997, Tom Denier wrote:
> >
> > If the person running dsmadmc is using telnet or an X terminal to
> > connect to the system where dsmadmc actually runs, the password will
> > probably go from the desktop to dsmadmc in clear text (there are
> > telnet implementations with encryption, but they are still relatively
> > uncommon). The password will be encrypted when it travels from dsmadmc
> > to the ADSM server.
>
> I think you are mistaken.  The clear text password never leaves the server
> or the client.  Perhaps someone from ADSM development can jump in here and
> clearly explain how the negotiation works.

You have missed the point of my note entirely. In some environments the
password will pass over the network in clear text before the administrative
client code ever sees it. For example, I interact with the various AIX
systems at my site by means of an X terminal on my desk. If I open a
terminal emulator window, execute the dsmadmc command, and respond to
the password prompt, the X terminal will send information about each
keystroke I type over the network with no encryption. Many of my
co-workers use telnet clients running on PCs to interact with AIX.
If one of them establishes a telnet session with AIX, executes the
dsmadmc command, and responds to the password prompt, the telnet
client will send everything typed over the network with no
encryption.