Save your administrator ID and password with a login file
The dsmadmc command has been extended with the -CREDentialsfile=filename
option.
With this you are able to pass the credentials UserID and password, which are normally passed to the command by the options -ID=userid
and -PAssword=password
, via a credential file. In this credential file only the administrator and the password are written one below the other.
The security aspect
Possible security measures in a Linux environment
This is especially important because if you do ps -ef | grep dsmadmc
, you can also see the name and possibly the path of the login file, as shown in the following image.
To avoid specifying the filename and possibly the path of the login file in plain text, you could also set an "environment variable" for this purpose.
Security precautions in a Windows environment
In a Windows environment you could hide the file via the file properties.
In addition, it would be possible to use a different file extension or no file extension at all. This makes the file more inconspicuous. Again, the path and filename of the login file could be hidden by a variable.
If the file is located in the own files, only the own user and the administrator can access it.
If you need to store the file outside your own files, you could restrict access via "Group and user names" in the "File properties" in the "Security" tab, e.g. as follows.
-CREDentialsfile
option cannot be used in conjunction with Multifactor Authentication (MFA).Conclusion
Source
https://www.ibm.com/docs/en/storage-protect/8.1.20?topic=client-administrative-options