I push the problem back a level and keep the admin passwords in a reversibly encrypted file. Then I can go and look up the password for the administrator (based on unix id) running the script.
- Kai. > -----Original Message----- > From: Roger Deschner [mailto:[EMAIL PROTECTED]] > Sent: Thursday, 10 October 2002 11:33 PM > To: [EMAIL PROTECTED] > Subject: Re: Macros > > > ---------------------- Information from the mail header > ----------------------- > Sender: "ADSM: Dist Stor Manager" <[EMAIL PROTECTED]> > Poster: Roger Deschner <[EMAIL PROTECTED]> > Subject: Re: Macros > -------------------------------------------------------------- > ----------------- > > The big advantage of ITSM Server Scripts over OS Shell > Scripts (whether > Unix shell, CMS EXEC, or whatever) is passwords. With a Server Script, > you are not execuring dsmadmc for each command - it is done > form within > an administrator session. Authentication has already been > performed, so > admin ids and passwords are simply not involved. However, for an OS > script that issues the dsmadmc command for each ITSM command, > you've got > to put an all-powerful ITSM admin id and password on the command line, > in clear text. > > This is a big security hazard. Has anyone figured out a way > around this? > > Roger Deschner University of Illinois at Chicago > [EMAIL PROTECTED] > "Give a man a computer program and you give him a headache, but teach > him to program computers and you give him the power to create > headaches > for others for the rest of his life." -- R. B. Forest > > > > On Thu, 10 Oct 2002, Alex Paschal wrote: > > >Well, I'll assume you mean TSM server scripts instead of > shell scripts. > > > >Macros are really useful for multiple one time commands, > like generating and > >executing multiple commands where you don't want to have to > answer "Yes/No" > >for each command (move datas are a good example). Server > scripts are more > >useful for more general scheduled tasks. Quite frankly, I > have never used > >server scripts. If I have to do something complicated enough to use > >variable substitution and logic, I use cron'd shell or perl > scripts for my > >management instead. > > > >Alex Paschal > >Storage Administrator > >Freightliner, LLC > >(503) 745-6850 phone/vmail > > > > > >-----Original Message----- > >From: Gerald Wichmann [mailto:[EMAIL PROTECTED]] > >Sent: Thursday, October 10, 2002 12:04 PM > >To: [EMAIL PROTECTED] > >Subject: Macros > > > > > >Why would one use macros instead of a server script? > > > >Gerald Wichmann > >Senior Systems Development Engineer > >Zantaz, Inc. > >925.598.3099 (w) > > > > > > > >This e-mail has been captured and archived by the ZANTAZ > Digital Safe(tm) > >service. For more information, visit us at www.zantaz.com. > >IMPORTANT: This electronic mail message is intended only for > the use of the > >individual or entity to which it is addressed and may > contain information > >that is privileged, confidential or exempt from disclosure > under applicable > >law. If the reader of this message is not the intended > recipient, or the > >employee or agent responsible for delivering this message to > the intended > >recipient, you are hereby notified that any dissemination, > distribution or > >copying of this communication is strictly prohibited. If > you have received > >this communication in error, please notify the sender immediately by > >telephone or directly reply to the original message(s) sent. > Thank you. > > >
