Seeing this post prompted me to run a test. It appears that Windows 2003
cluster ensures the replication of the changed password happens right away, not
when the group fails over.
Details:
I have 3 test clusters a Windows 2000 cluster a Windows 2003 cluster and a
Windows 2003 Itanium cluster. I set the password expiration for all the nodes
on all clusters to 1 day. The next day the password changed as it should. The
registry reflected the new password on all nodes that currently own the group
that TSM service is in. On the Windows 2003 clusters the password matched. On
the Windows 2000 cluster the node that did not own the group still had the old
password. As you suggest a controlled move of the group did update the
password however it took that. So I see where a system crash would result in
an invalid password on the other side of the cluster.
However, it looks like a Windows 2003 cluster does not have this issue. I know
that Windows 2000 is still out there but with advanced features like
clustering. I've found more and more people migrating to Windows 2003 so if
your there you don't have the same fear and thus should be able to use the
password expiration.
"Wheelock, Michael D" <Michael.Wheelock AT INTEGRIS-HEALTH DOT COM> wrote:
Hi,
The answer is that "it depends".
1) For the normal backup/archive client and the ms-sql and
ms-exchange clients, this is no problem. They will change their
passwords without issue.
2) The oracle client cannot change its password on its own.
3) Microsoft clusters (IMHO) should still be set to 0. Here is why
(from experience no less). The encrypted password for a B/A client is
stored in the registry. The manual states that you need to have the
generic service you setup in cluster administrator copy over this reg
key when the service moves. This only works in the world where servers
don't crash. If the server crashes, the key does not get copied (how
can it...the server that had it is down) and the service can fail to
start (likely because it has the old password).
4) Unix B/A has no problem with this.
Others may be able to speak to the domino clients, etc as I have no
experience with them.
Michael Wheelock
Integris Health
-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Brenda Collins
Sent: Monday, June 06, 2005 2:07 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: password
We use password access generate on all of our configurations. In the
past,
we have used expiration 0 so that we do not run into issues with
expirations. We are now being asked to set up an expiration period and
I
am wondering if the 'passwordaccess generate' is going to create a new
password itself upon expiration or just fail the backup.
The manual does not state that it will do that and I do not want backups
failing as a result of the passwords expiring. I have heard answers
both
ways on this configuration. For anyone expiring passwords, are you
resetting them manually or does this happen automatically?
Thanks,
Brenda
**********************************************************************
This e-mail may contain identifiable health information that is subject to
protection under state and federal law. This information is intended to be for
the use of the individual named above. If you are not the intended recipient,
be aware that any disclosure, copying, distribution or use of the contents of
this information is prohibited and may be punishable by law. If you have
received this electronic transmission in error, please notify us immediately by
electronic mail (reply).
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
|
