While we're on the subject of passwords and password encryption,
is there any chance that TSM might support Kerberos in a future
release?

 -- Tom

Thomas A. La Porte, DreamWorks SKG
<mailto:tlaporte AT anim.dreamworks DOT com>

On Wed, 19 Feb 2003, Seay, Paul wrote:

>In encryption speak.  The node name is usually called the public key.  The
>private key is what is used to encrypt the message.  This is a nice
>implementation because during password change (which is probably in the
>message) the new encyption key (password) is not exposed.
>
>Paul D. Seay, Jr.
>Technical Specialist
>Northrop Grumman Information Technology
>757-688-8180
>
>
>-----Original Message-----
>From: Andrew Raibeck [mailto:storman AT US.IBM DOT COM]
>Sent: Wednesday, February 19, 2003 8:02 PM
>To: ADSM-L AT VM.MARIST DOT EDU
>Subject: Re: password encryption
>
>
>To clarify my earlier response on this:
>
>The (encrypted) password is not actually sent between client and server,
>except when the password is being changed. During authentication, the client
>sends the server a message that is encrypted using the password as the key.
>The server knows what the decrypted message should be, so if the wrong
>password was used to encrypt the message, then the authentication will fail.
>
>Regards,
>
>Andy
>
>Andy Raibeck
>IBM Software Group
>Tivoli Storage Manager Client Development
>Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
>Internet e-mail: storman AT us.eyebm DOT com (change eye to i to reply)
>
>The only dumb question is the one that goes unasked.
>The command line is your friend.
>"Good enough" is the enemy of excellence.
>
>
>
>
>Andrew Raibeck/Tucson/IBM@IBMUS
>Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> 02/19/2003 
>14:56
>Please respond to "ADSM: Dist Stor Manager"
>
>
>        To:     ADSM-L AT VM.MARIST DOT EDU
>        cc:
>        Subject:        Re: password encryption
>
>
>
>The password is indeed encrypted.
>
>Regards,
>
>Andy
>
>Andy Raibeck
>IBM Software Group
>Tivoli Storage Manager Client Development
>Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
>Internet e-mail: storman AT us.eyebm DOT com (change eye to i to reply)
>
>The only dumb question is the one that goes unasked.
>The command line is your friend.
>"Good enough" is the enemy of excellence.
>
>
>
>
>"Prather, Wanda" <Wanda.Prather AT JHUAPL DOT EDU>
>Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> 02/19/2003 
>14:40
>Please respond to "ADSM: Dist Stor Manager"
>
>
>        To:     ADSM-L AT VM.MARIST DOT EDU
>        cc:
>        Subject:        Re: password encryption
>
>
>
>I've always been told that the password is NOT sent in plain text, it's
>encrypted. (but I've never had a sniffer to check it myself).
>
>-----Original Message-----
>From: Eliza Lau [mailto:lau AT VTCAT.CC.VT DOT EDU]
>Sent: Wednesday, February 19, 2003 10:36 AM
>To: ADSM-L AT VM.MARIST DOT EDU
>Subject: password encryption
>
>
>Does anyone know how the stored password on the client machine is passed to
>the server for authentication?
>
>The user has 'password generate' in his dsm.opt.  The password is stored in
>the Registry of his Windows 2000 client.  When the TSM client starts is the
>password sent to the server in plain text or encrypted?
>
>Thanks,
>Eliza Lau
>Virginia Tech Computing Center
>1700 Pratt Drive
>Blacksburg, VA 24060
>
>