3.5 Security for Administrative Services

The ZENworks Orchestrator Console and the zosadmin command line tool are clients to the MBean and RMI servers. ZENworks Orchestrator does not provide encryption for these administrative services, so you should be careful to use them only in a secure environment.

The zosadmin tool stores the administrator’s user name and password in single-hashed form on disk to prevent the plain text user password from being stolen. Even so, this credential is still vulnerable and could be stolen to gain unauthorized access, so it must be protected.

The Orchestrator Console secrets are stored in $HOME/.novell/zoc and the zosadmin secrets are stored in $HOME/.novell/zos/admin. You need to protect both of these directories with permissions that restrict both Read and Write access by other users.