While we're on the subject of passwords and password encryption, is there any chance that TSM might support Kerberos in a future release?
-- Tom Thomas A. La Porte, DreamWorks SKG <mailto:[EMAIL PROTECTED]> On Wed, 19 Feb 2003, Seay, Paul wrote: >In encryption speak. The node name is usually called the public key. The >private key is what is used to encrypt the message. This is a nice >implementation because during password change (which is probably in the >message) the new encyption key (password) is not exposed. > >Paul D. Seay, Jr. >Technical Specialist >Northrop Grumman Information Technology >757-688-8180 > > >-----Original Message----- >From: Andrew Raibeck [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, February 19, 2003 8:02 PM >To: [EMAIL PROTECTED] >Subject: Re: password encryption > > >To clarify my earlier response on this: > >The (encrypted) password is not actually sent between client and server, >except when the password is being changed. During authentication, the client >sends the server a message that is encrypted using the password as the key. >The server knows what the decrypted message should be, so if the wrong >password was used to encrypt the message, then the authentication will fail. > >Regards, > >Andy > >Andy Raibeck >IBM Software Group >Tivoli Storage Manager Client Development >Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS >Internet e-mail: [EMAIL PROTECTED] (change eye to i to reply) > >The only dumb question is the one that goes unasked. >The command line is your friend. >"Good enough" is the enemy of excellence. > > > > >Andrew Raibeck/Tucson/IBM@IBMUS >Sent by: "ADSM: Dist Stor Manager" <[EMAIL PROTECTED]> 02/19/2003 14:56 >Please respond to "ADSM: Dist Stor Manager" > > > To: [EMAIL PROTECTED] > cc: > Subject: Re: password encryption > > > >The password is indeed encrypted. > >Regards, > >Andy > >Andy Raibeck >IBM Software Group >Tivoli Storage Manager Client Development >Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS >Internet e-mail: [EMAIL PROTECTED] (change eye to i to reply) > >The only dumb question is the one that goes unasked. >The command line is your friend. >"Good enough" is the enemy of excellence. > > > > >"Prather, Wanda" <[EMAIL PROTECTED]> >Sent by: "ADSM: Dist Stor Manager" <[EMAIL PROTECTED]> 02/19/2003 14:40 >Please respond to "ADSM: Dist Stor Manager" > > > To: [EMAIL PROTECTED] > cc: > Subject: Re: password encryption > > > >I've always been told that the password is NOT sent in plain text, it's >encrypted. (but I've never had a sniffer to check it myself). > >-----Original Message----- >From: Eliza Lau [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, February 19, 2003 10:36 AM >To: [EMAIL PROTECTED] >Subject: password encryption > > >Does anyone know how the stored password on the client machine is passed to >the server for authentication? > >The user has 'password generate' in his dsm.opt. The password is stored in >the Registry of his Windows 2000 client. When the TSM client starts is the >password sent to the server in plain text or encrypted? > >Thanks, >Eliza Lau >Virginia Tech Computing Center >1700 Pratt Drive >Blacksburg, VA 24060 > >