What you say is true, but.... If an admin changes the node's password, they have left tracks. They cannot change the password back to what it was, unless they knew what it was to start with. The next time the client goes to use TSM, they will be aware that their password was changed.
I was amazed to find out that admins could do this without leaving tracks. This is somewhat disconcerting.
..Paul
At 09:03 AM 3/12/2003 -0800, Cook, Dwight E wrote:
Well, since a "system privileged admin id" could change the node's password and then connect without using their admin id & password (use the one they just set it to) I can see why the straight use of their id & password would be allowed.
Just another reason why management should pay their TSM admin's well ;-)
Dwight
-----Original Message----- From: Gerhard Rentschler [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 12, 2003 10:01 AM To: [EMAIL PROTECTED] Subject: Client login with admin id and password
Hello, I always thought that a tsm admin does not have access to client data. I think I learned something new. Calling dsmc or dsm with -node=tarzan and specifying a valid admin id and password (system privilege) gives access to node tarzan's data. At least it is possible to list the files. I haven't tried to restore data. This is indeed documented. However, I would prefer if there were a message in the activity log saying that admin id was used. Am I wrong? Could someone explain this feature in more detail?
Best regards Gerhard --- Gerhard Rentschler email:[EMAIL PROTECTED] Regional Computing Center tel. ++49/711/685 5806 University of Stuttgart fax: ++49/711/682357 Allmandring 30a D 70550 Stuttgart Germany
-- Paul Zarnowski Ph: 607-255-4757 719 Rhodes Hall, Cornell University Fx: 607-255-8521 Ithaca, NY 14853-3801 Em: [EMAIL PROTECTED]
