Hi Steve. It's still an island, although there seems to be a bit of a causeway on the horizon. The ISC-AC v6.1 security makes one hope that the causeway might lead to LDAP.
Joerg Pohlmann 250-245-9863 "ADSM: Dist Stor Manager" <ADSM-L@VM.MARIST.EDU> wrote on 2009-08-04 17:43:21: > Great information Jeorg, thanks > > One issue that I found with older versions of ISC was that there seemed > to be no easy way to preserve/copy/update the ISC security information. > It was its own island and I also found it for the most part > incomprehensible. That may just be because I did not take the time to > fully understand the security model, but hey, I'm a backups guy not a > security guy. > > Has ISC Security improved with later versions, and can it easily be > copied/preserved through ISC updates or integrated with other standard > security products/unix security/ldap/windows AD or is it still its own > island? > > Thanks > > Steve. > > TSM Admin, between jobs, Sydney > > > Joerg Pohlmann wrote: > > Here is a suggestion for proper auditability of ISC-AC based TSM > > administration: > > > > 1) create an ISC ID for each TSM administrator > > 2) create a TSM admin ID for each TSM administrator and grant auth ... > > cl=sys > > 3) have each TSM administrator add their server connection on the ISC > > (under "Manage Servers" on the ISC-AC v6.1) using their TSM admin ID > > 4) lock admin ADMIN > > 5) remove the server connection from the ISC ID iscadmin > > > > You now have an auditable trail in the activity log of "who did what". > > > > Joerg Pohlmann > > 250-245-9863 > > > > > > "ADSM: Dist Stor Manager" <ADSM-L@VM.MARIST.EDU> wrote on 2009-07-30 > > 12:53:22: > > > > > >> Is there any log in the ISC/AC (ICS 6.01 and AC 5.5) that would show me > >> > > who > > > >> logged on from where at a particular time? I have a client (inherited) > >> > > That > > > >> has people all using the ADMIN userid and some's been updating schedules > >> > > and > > > >> completely mucking up the works. From the activity log I can trace the > >> commands down to user ADMIN coming from the ISC IP address. Now I just > >> > > need > > > >> to find out who logged in to that. They all also use the ISCADMIN userid > >> > > for > > > >> that..again inherited. If I can find out the IP address of who logged on > >> > > to > > > >> the ISC.I'll be 1 more step along the path to find this joker. Maybe the > >> > > WAS > > > >> component has a log somethere? > >> > >> > >> > >> Any help will be greatly appreciated.as I move them to individual userids > >> for both TSM and ISC. > >> > >> > >> > >> Bill Boyer > >> > >> "He who laughs last probably made a back-up." Murphy's law of computing > >> ------------------------------------------------------------------------ > >> > >> > >> No virus found in this incoming message. > >> Checked by AVG - www.avg.com > >> Version: 8.5.392 / Virus Database: 270.13.44/2282 - Release Date: > 08/04/09 18:01:00 > >> > >>
