Amen! IBM?
Kind regards,
Eric van Loon
Air France/KLM Storage Engineering
-Original Message-
From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of
Harris, Steven
Sent: vrijdag 23 februari 2018 6:16
To: ADSM-L@VM.MARIST.EDU
Subject: Re: Command Routing Gotcha in v7.1.8
So what we need is a server option
SESSIONSECFORCE TRANSITIONAL
Only able to be set by editing dsmserv.opt and defaulting to NO. If its set
then the automatic update to SESSIONSECURITY strict is not permitted.
Update everything you need to then turn the option off.
I understand why session security has been forced on and I understand that we
don't want it to be easily bypassed from any admin session as that leaves a
simple back door, but seriously, someone did not think through the implications.
Cheers
Steve
Steven Harris
TSM Admin/Consultant
Canberra Australia
-Original Message-
From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of
Deschner, Roger Douglas
Sent: Friday, 23 February 2018 1:11 PM
To: ADSM-L@VM.MARIST.EDU
Subject: [ADSM-L] Command Routing Gotcha in v7.1.8
There is a known and somewhat documented restriction where an administrative ID
which connects to a New (7.1.8 or 8.1.2+) server from a New dsmadmc client,
cannot connect from an Old administrative client anymore, because
SESSIONSECURITY has been switched to STRICT.
I have now discovered that this affects Command Routing among servers. It makes
sense, if you think about it, but it bit me. My test setup has two servers, one
running 6.3.5 and the other 7.1.8. They both have Admin ID roger with the same
password. Command routing initially worked fine between the two servers using
Admin ID roger. But then Admin ID roger used a 7.1.8 client dsmadmc to connect
to the 7.1.8 server, and all that SSL magic happened and SESSIONSECURITY got
changed to STRICT. As documented, now Admin ID roger cannot use an older client
dsmadmc to reach the 7.1.8 server. Although roger can still connect to the
6.3.5 server using any version client dsmadmc, now command routing no longer
works. It fails with "ANR0454E Session rejected by server ADSM-3, reason: 7 -
Down level." It does work when Admin ID roger connects to the 7.1.8 server. UPD
ADMIN ROGER SESSIONSECURITY=TRANSITIONAL is a bypass, and I'm keeping the
(ugly) suggestion in mind to issue it every 5 minutes from a schedule if this
becomes an issue.
I have noticed that, if SESSIONSECURITY=TRANSITIONAL is in effect, and you use
an Old client to connect to an Old server, and you use command routing to route
a command to a New server, it does NOT change SESSIONSECURITY to STRICT for
that Admin ID on the New server. That is good. This feature of automatically
setting SESSIONSECURITY to STRICT on Admin IDs is turning into one of our worst
stumbling blocks in this major update. I'm the administrator; don't mess with
my own ID!
This looks like another reason to upgrade ALL servers to 7.1.8/8.1.2+ before
upgrading ANY clients. We have several admin IDs that are used by a variety of
cron processes to monitor and control the backup systems. Some of these
processes use command routing. I am now inventorying them, because the clients
they connect from must all be upgraded together at the same time to avoid
failures of these monitoring and control processes.
Roger Deschner
University of Illinois at Chicago
"I have not lost my mind; it is backed up on tape somewhere."
This message and any attachment is confidential and may be privileged or
otherwise protected from disclosure. You should immediately delete the message
if you are not the intended recipient. If you have received this email by
mistake please delete it from your system; you should not copy the message or
disclose its content to anyone.
This electronic communication may contain general financial product advice but
should not be relied upon or construed as a recommendation of any financial
product. The information has been prepared without taking into account your
objectives, financial situation or needs. You should consider the Product
Disclosure Statement relating to the financial product and consult your
financial adviser before making a decision about whether to acquire, hold or
dispose of a financial product.
For further details on the financial product please go to http://www.bt.com.au
Past performance is not a reliable indicator of future performance.
For information, services and offers, please visit our web site:
http://www.klm.com. This e-mail and any attachment may contain confidential and
privileged material intended for the addressee only. If you are not the
addressee, you are notified that no part of the e-mail or any attachment may be
disclosed, copied or distributed, and that any other action related to this
e-mail or attachment is strictly prohibited, and may be unlawful. If you have
received this e-ma