IBM System Storage Ideas Portal
Hide about this portal
This portal is to open public enhancement requests against IBM System Storage products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
IBM has reevaluated the request and has determined that it cannot be implemented at this time or does not align with the current multi-year strategy.
You may continue to view, comment upon, upvote, and subscribe to ideas marked as not under consideration. IBM will review and may reconsider ideas if new information surfaces or there is additional client interest in an Idea.
IBM has re-assesed this request and has determined to implement this security enhancement on a future release.
From what I see in the CLI encryption topic referenced, this is just specific to encrypting/scrambling a clear-text password via
--encrypt <Encrypt a Password>.However, anyone on the machine can still run
psand see the encrypted password while a CLI task or command is running. While it does not reveal the original password used, anyone who captures the encrypted password will still have full administrative access to the TS4500.For example:
$ java -jar /opt/TS4500/TS4500CLI.jar -ip 192.168.128.73 -u admin -p <our-pw-is-here-in-cleartext> --encrypt "blah"yRgW$ ps faux | grep TS4500root 48278 62.0 0.0 35760036 74012 pts/0 Sl+ 11:53 0:00 | \_ java -jar /opt/TS4500/TS4500CLI.jar -ip 192.168.128.73 -u admin-ep yRgW--downloadResources MountHistoryPlease note that I can see what the encrypted "admin" password is, even as non-privileged user on this machine.
The other part of the request is to be able to specify the CLI credentials from a file on disk. So for example:
java -jar /opt/TS4500/TS4500CLI.jar -ip 192.168.128.73 -u admin -p ~/.my_ts4500_pw --downloadResources MountHistoryThis is already supported, please see the following reference:
https://www.ibm.com/docs/en/ts4500-tape-library?topic=alphabetically-encrypt