ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: password exposed !

2003-01-13 13:26:28
Subject: Re: password exposed !
From: Andrew Raibeck <storman AT US.IBM DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 13 Jan 2003 11:25:15 -0700 
APAR IC35399 has been opened for this.

Until a fix is available, do not use server-to-server command routing.
Rather, connect to the target server to run the command. This goes for
*any* command that contains a password (not just UPDATE ADMIN).

Regards,

Andy

Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.eyebm DOT com (change eye to i to reply)

The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.




Xavier Merlin <xavier.merlin AT KBC DOT BE>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
01/13/2003 05:21
Please respond to "ADSM: Dist Stor Manager"


        To:     ADSM-L AT VM.MARIST DOT EDU
        cc:
        Subject:        password exposed !



Hello,

I am trying to use server-to-server communication to route commands, in
particular updating a password on several servers at once. If you update a
password locally (via upd admin) on the TSM server then  the password gets
concealed but when using routing a lot of messages are generated  which
unfortunately do display the password !

(note: userid,password and tsm server name in the following actlog lines
were intentionally renamed)

01/10/2003 11:16:57   ANR2017I Administrator SUPERMAN issued command:
GOTHAM_SERVER:
                       UPDATE ADMIN catwoman ?***?
01/10/2003 11:16:57   ANR1699I Resolved GOTHAM_SERVER to 1 server(s) -
issuing
                       command upd admin catwoman kitty against server(s).
01/10/2003 11:16:58   ANR1687I Output for command \'upd admin catwoman
kitty\'
                       issued against server GOTHAM_SERVER follows:
01/10/2003 11:16:58   ANR1688I Output for command \'upd admin catwoman
kitty\'
                       issued against server GOTHAM_SERVER completed.
01/10/2003 11:16:58   ANR1694I Server GOTHAM_SERVER processed command
\'upd
admin
                       catwoman kitty\' and completed successfully.
01/10/2003 11:16:58   ANR1697I Command \'upd admin catwoman kitty\'
processed by 1
                       server(s):  1 successful, 0 with warnings, and 0
with
                       errors.

Anyone noticed this in particular ? How to solve this ?

Help appreciated

Xavier Merlin



____________________________________________________
DISCLAIMER

This e-mail and any attached files are confidential and may be legally
privileged. If you are not the addressee, any disclosure, reproduction,
copying, distribution, or other dissemination or use of this communication
is strictly prohibited. If you have received this transmission in error
please notify KBC immediately and then delete this e-mail.
KBC does not accept liability for the correct and complete transmission of
the information, nor for any delay or interruption of the transmission,
nor for damages arising from the use of or reliance on the information.
All e-mail messages addressed to, received or sent by KBC or KBC employees
are deemed to be professional in nature. Accordingly, the sender or
recipient of these messages agrees that they may be read by other KBC
employees than the official recipient or sender in order to ensure the
continuity of work-related activities and allow supervision thereof.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Inactive version expiration, just a note...(addition), Cook, Dwight E
Next by Date:  Re: Urgent help needed with restore, Del Hoobler
Previous by Thread:  password exposed !, Xavier Merlin
Next by Thread:  Re: Two schedules, Halvorsen Geirr Gulbrand
Indexes:  [Date] [Thread] [Top] [All Lists]