Tivoli Header

Tivoli Storage Manager Using the Application Program Interface

Session Security

TSM, a session-based system, has security components that permit applications to start sessions in a secure manner. These security measures prohibit unauthorized access to the server and help insure system integrity.

Every session that the server starts must complete a sign-on process. This sign-on process requires a password that, when coupled with the node name of the client, insures proper authorization when connecting to the server. The application client is responsible for providing this password to the X/Open API for session initialization.

Passwords have expiration periods associated with them. If a BSAInit call fails with the password-expired return code (BSA_RC_TOKEN_EXPIRED), update the password before you can successfully establish the session.

Only the root session owner can change the password. First, make the BSAInit call with an empty string in the appObjectOwner field. Then, call BSAChangeToken to update the password.

Objects stored in the system also have ownerships associated with them. See Identifying the Object to understand how an application can take advantage of this to support multi-user applications. The application client is responsible for insuring that security and ownership rules are met once a session is started.


[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]