I push the problem back a level and keep the admin passwords in a reversibly
encrypted file. Then I can go and look up the password for the administrator
(based on unix id) running the script.
- Kai.
> -----Original Message-----
> From: Roger Deschner [mailto:rogerd AT UIC DOT EDU]
> Sent: Thursday, 10 October 2002 11:33 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: Macros
>
>
> ---------------------- Information from the mail header
> -----------------------
> Sender: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
> Poster: Roger Deschner <rogerd AT UIC DOT EDU>
> Subject: Re: Macros
> --------------------------------------------------------------
> -----------------
>
> The big advantage of ITSM Server Scripts over OS Shell
> Scripts (whether
> Unix shell, CMS EXEC, or whatever) is passwords. With a Server Script,
> you are not execuring dsmadmc for each command - it is done
> form within
> an administrator session. Authentication has already been
> performed, so
> admin ids and passwords are simply not involved. However, for an OS
> script that issues the dsmadmc command for each ITSM command,
> you've got
> to put an all-powerful ITSM admin id and password on the command line,
> in clear text.
>
> This is a big security hazard. Has anyone figured out a way
> around this?
>
> Roger Deschner University of Illinois at Chicago
> rogerd AT uic DOT edu
> "Give a man a computer program and you give him a headache, but teach
> him to program computers and you give him the power to create
> headaches
> for others for the rest of his life." -- R. B. Forest
>
>
>
> On Thu, 10 Oct 2002, Alex Paschal wrote:
>
> >Well, I'll assume you mean TSM server scripts instead of
> shell scripts.
> >
> >Macros are really useful for multiple one time commands,
> like generating and
> >executing multiple commands where you don't want to have to
> answer "Yes/No"
> >for each command (move datas are a good example). Server
> scripts are more
> >useful for more general scheduled tasks. Quite frankly, I
> have never used
> >server scripts. If I have to do something complicated enough to use
> >variable substitution and logic, I use cron'd shell or perl
> scripts for my
> >management instead.
> >
> >Alex Paschal
> >Storage Administrator
> >Freightliner, LLC
> >(503) 745-6850 phone/vmail
> >
> >
> >-----Original Message-----
> >From: Gerald Wichmann [mailto:gwichman AT ZANTAZ DOT COM]
> >Sent: Thursday, October 10, 2002 12:04 PM
> >To: ADSM-L AT VM.MARIST DOT EDU
> >Subject: Macros
> >
> >
> >Why would one use macros instead of a server script?
> >
> >Gerald Wichmann
> >Senior Systems Development Engineer
> >Zantaz, Inc.
> >925.598.3099 (w)
> >
> >
> >
> >This e-mail has been captured and archived by the ZANTAZ
> Digital Safe(tm)
> >service. For more information, visit us at www.zantaz.com.
> >IMPORTANT: This electronic mail message is intended only for
> the use of the
> >individual or entity to which it is addressed and may
> contain information
> >that is privileged, confidential or exempt from disclosure
> under applicable
> >law. If the reader of this message is not the intended
> recipient, or the
> >employee or agent responsible for delivering this message to
> the intended
> >recipient, you are hereby notified that any dissemination,
> distribution or
> >copying of this communication is strictly prohibited. If
> you have received
> >this communication in error, please notify the sender immediately by
> >telephone or directly reply to the original message(s) sent.
> Thank you.
> >
>
|
