ADSM-L

Re: Passwordaccess Generate

2004-12-16 14:19:36
Subject: Re: Passwordaccess Generate
From: Andrew Raibeck <storman AT US.IBM DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Thu, 16 Dec 2004 12:17:49 -0700
> Why has this facility (or the MAILPROG equivalent) been removed from
> v5.3 and upwards? This seems a useful sort of thing to me.

While its usefulness under certain circumstances cannot be denied, we felt
that this change was an improvement in security, which we weighted with a
higher priority. For example, if someone hacked your NT account, they
could easily get your TSM password. For what it is worth, this
functionality was unique to the TSM client for Windows; it was never
available for other TSM clients.

Regards,

Andy

Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.ibm DOT com

The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.

"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 12/16/2004
11:31:08:

> > You shouldn't ever need to know it, there are other ways to do
> > everything I can think of.
> >
> > What problem are you having that you need it for?
> > Maybe I can tell you how to get around it....
>
> My computer is backed up via TSM to my university's central ADSM server.
> If I want to do anything which needs more than my own node password
> (which I know), I have to raise a support request with them. For
> password resets, these are set to something random which is then sent
> out on paper arriving a day or two later! Therefore, if I want to be
> able to recover files in the event of my machine dying (as I did this
> afternoon), it's invaluable to have the node password so that I can use
> the -virtualnodename option on another machine to get back my files more
> quickly and get back to work.
>
> Similarly, if a machine dies completely, one also has to wait for the
> paper password to arrive before being able to get on with doing a bare
> metal restore because of course the encrypted password dies with the
> machine. Hmm...
>
> Why has this facility (or the MAILPROG equivalent) been removed from
> v5.3 and upwards? This seems a useful sort of thing to me.
>
> Thanks,
>
> Chris.

<Prev in Thread] Current Thread [Next in Thread>