Dwight,

What you say is true, but....  If an admin changes the node's password,
they have left tracks.  They cannot change the password back to what it
was, unless they knew what it was to start with.  The next time the client
goes to use TSM, they will be aware that their password was changed.

I was amazed to find out that admins could do this without leaving
tracks.  This is somewhat disconcerting.

..Paul

At 09:03 AM 3/12/2003 -0800, Cook, Dwight E wrote:

Well, since a "system privileged admin id" could change the node's password
and then connect without using their admin id & password (use the one they
just set it to) I can see why the straight use of their id & password would
be allowed.

Just another reason why management should pay their TSM admin's well ;-)

Dwight



-----Original Message-----
From: Gerhard Rentschler [mailto:g.rentschler AT RUS.UNI-STUTTGART DOT DE]
Sent: Wednesday, March 12, 2003 10:01 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Client login with admin id and password


Hello,
I always thought that a tsm admin does not have access to client data. I
think I learned something new.
Calling dsmc or dsm with -node=tarzan and specifying a valid admin id and
password (system privilege) gives access to node tarzan's data. At least it
is possible to list the files. I haven't tried to restore data. This is
indeed documented. However, I would prefer if there were a message in the
activity log saying that admin id was used.
Am I wrong? Could someone explain this feature in more detail?

Best regards
Gerhard
---
Gerhard Rentschler            email:g.rentschler AT rus.uni-stuttgart DOT de
Regional Computing Center     tel.   ++49/711/685 5806
University of Stuttgart       fax:   ++49/711/682357
Allmandring 30a
D 70550
Stuttgart
Germany

--
Paul Zarnowski                         Ph: 607-255-4757
719 Rhodes Hall, Cornell University    Fx: 607-255-8521
Ithaca, NY 14853-3801                  Em: psz1 AT cornell DOT edu