On Wed, Jun 15, 2011 at 4:30 PM, Thomas Denier < [email protected]> wrote:
> I have done cross-system restores using a TSM administrator account
> with system privilege, and the TSM client documentation indicates
> that I could have done the same thing if my account had policy privilege
> but not system privilege. The phrasing of your question seems to imply
> that a non-privileged administrator account could be used to retrieve
> data from other systems. How would this be done?

My problem is that the admin password is only one barrier against unauthorized access to other customers' data. Security-wise this is not sound. And on top of that, my experience is that admin passwords are seldom changed, especially in setups with server-to-server connections.

It would be much better if the only way to restore node data was by knowing the node password and logging in as the node itself. To use cross-system restores you would then first have to change the node password via an admin session. And the admin session can be blocked from the customer by setting TCPADMINPORT and "ADMINONCLIENTPORT NO" and firewalling away the tcpadminport.

Hans Christian
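An added example, not part of the original message: a shell check that a TSM server options file (dsmserv.opt) actually confines admin sessions to a separate port, as the TCPADMINPORT / "ADMINONCLIENTPORT NO" setup described above requires. The function names are hypothetical, and the defaults it falls back on (TCPPORT 1500, TCPADMINPORT equal to TCPPORT, ADMINONCLIENTPORT YES) are assumptions taken from the documented server defaults.

```shell
#!/bin/sh
# Added example: audit dsmserv.opt for admin-port isolation.

# Print the last value set for option $2 in file $1. Option names are
# matched case-insensitively; lines whose first field starts with '*'
# are comments. Prints nothing if the option is not set.
get_opt() {
    awk -v want="$2" '
        substr($1, 1, 1) == "*" { next }
        toupper($1) == toupper(want) { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# Return 0 if admin sessions are only accepted on a dedicated port, else 1.
check_admin_port_isolation() {
    optfile=$1
    tcpport=$(get_opt "$optfile" TCPPORT)
    adminport=$(get_opt "$optfile" TCPADMINPORT)
    onclient=$(get_opt "$optfile" ADMINONCLIENTPORT | tr '[:lower:]' '[:upper:]')

    # Assumed server defaults when an option is absent.
    tcpport=${tcpport:-1500}
    adminport=${adminport:-$tcpport}
    onclient=${onclient:-YES}

    if [ "$adminport" = "$tcpport" ]; then
        echo "FAIL: TCPADMINPORT equals TCPPORT ($tcpport); admin sessions share the client port"
        return 1
    fi
    if [ "$onclient" != "NO" ]; then
        echo "FAIL: ADMINONCLIENTPORT is $onclient; admin sessions still accepted on port $tcpport"
        return 1
    fi
    echo "OK: admin sessions only on port $adminport; firewall that port off from customer networks"
    return 0
}
```

A passing result only covers the server options; the firewall rule that blocks the admin port from customer networks still has to be verified separately.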
