On Tue, 27 May 2003, Stapleton, Mark wrote: >One of the nice things about how Tivoli has handled TSM is that the >authentication system is *exactly* the same, no matter what the server >and client OS platforms may be. The same can be said for the interfaces >and the way administration is performed. Inserting something like >Kerberos into the mix would mean you'd have to make it work for all >platforms that the TSM server supports--including MVS, OS/400, and ><shudder> Windows.
I'm not suggesting that Kerberos should be required for use in TSM, just that it would be nice if TSM supported it. Having said that, though, we have a mixed Unix/PC/Macintosh environment, and we support Kerberos on all of these platforms. With Win2K, it's essentially built-in to the OS, so I should think that that would be the platform with the least worries. As far as support for other platforms, Kerberos runs on all of the server platforms that the most recent versions of Tivoli Storage Manager supports: Windows NT/2000, AIX, HP-UX, Solaris, MVS/OS390, and Linux. And the good bit is that all of those Kerberos implementations share a common API, so it should not involve much coding to make it work on all of the platforms. >There are ways of scripting TSM tasks that can sidestep the clear text >stuff, much the same as the ways you script FTP sessions without putting >passwords where users can gefingerpoken. True. I was merely suggesting that using Kerberos could solve the problem in a conventional and secure manner. -- Tom Thomas A. La Porte, DreamWorks SKG <mailto:[EMAIL PROTECTED]>
