On 16 feb 2011, at 18:49, Robert Clark wrote: > It is hard to argue that the default isn't good practice. >
setting tcpadminport to something different from the tcppport, and setting adminonclientport to no allows you to prevent unauthorized access to tsm admin interface via a firewall. Since the non-ssl admin interface sends the passwords in plain text, this might be a very good idea. Also, in those cases where your TSM server needs to be reachable from a more or less untrusted network, this provides an increased level of security. Thus, there are plenty of reasons not to use the default, and some are very easy to defend. Having said that, this all might or might not apply to your environment. > Thanks, > [RC] -- Met vriendelijke groeten/Kind Regards, Remco Post r.p...@plcs.nl +31 6 248 21 622