To clarify my earlier response on this:
The (encrypted) password is not actually sent between client and server,
except when the password is being changed. During authentication, the
client sends the server a message that is encrypted using the password as
the key. The server knows what the decrypted message should be, so if the
wrong password was used to encrypt the message, then the authentication
will fail.
Regards,
Andy
Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: [EMAIL PROTECTED] (change eye to i to reply)
The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.
Andrew Raibeck/Tucson/IBM@IBMUS
Sent by: "ADSM: Dist Stor Manager" <[EMAIL PROTECTED]>
02/19/2003 14:56
Please respond to "ADSM: Dist Stor Manager"
To: [EMAIL PROTECTED]
cc:
Subject: Re: password encryption
The password is indeed encrypted.
Regards,
Andy
Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: [EMAIL PROTECTED] (change eye to i to reply)
The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.
"Prather, Wanda" <[EMAIL PROTECTED]>
Sent by: "ADSM: Dist Stor Manager" <[EMAIL PROTECTED]>
02/19/2003 14:40
Please respond to "ADSM: Dist Stor Manager"
To: [EMAIL PROTECTED]
cc:
Subject: Re: password encryption
I've always been told that the password is NOT sent in plain text, it's
encrypted.
(but I've never had a sniffer to check it myself).
-----Original Message-----
From: Eliza Lau [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 10:36 AM
To: [EMAIL PROTECTED]
Subject: password encryption
Does anyone know how the stored password on the client machine is passed
to the server for authentication?
The user has 'password generate' in his dsm.opt. The password is stored
in the Registry of his Windows 2000 client. When the TSM client starts
is the password sent to the server in plain text or encrypted?
Thanks,
Eliza Lau
Virginia Tech Computing Center
1700 Pratt Drive
Blacksburg, VA 24060
