How can I implement the following (all related to logging on to Lotus Notes using the Notes ID)?
1. suspend or lock out a user after five failed login attempts?
2. prevent a user from having more than one session simultaneously?
3. force the user to change his/her password at least every 90 days?
4. prevent the users from re-using their 6 most recent passwords?
Our Notes server version is 6.51 while the client is 6.01.
Thanks in advance!
ASKED: June 19, 2006 1:30 AM
UPDATED: June 19, 2006 4:39 PM
The answer to questions 1 & 2 is “You cannot.” The Notes password protects the ID file, not an account on a server. It is always local to the client. Once the ID has been unlocked by entering the correct password, the client will use the stored credentials inside the ID file to establish a trusted session with each server as needed.
Notes does not “lock out” a user ID when too many passwords are tried. Instead, the Notes client password dialog is coded in such a way as to prevent any type of “scripted” hacking of the password. The UI is designed to wait longer between prompts as each attempt is made. The wait time goes up exponentially until the frustrated “hacker” (user) gives up. You can reset the behavior by exiting from the client each time, but that takes an extremely long time too. The ID password is supposed to be strong enough to prevent any type of manual “dictionary attack”.
Regarding (2), I know of no reason to prevent multiple sessions. You could “drop” the user, but if their client needs to re-connect to the server it will on its own anyway. This is a “feature” not a “bug”.
Hope this helps.
Mike M.
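The throttling behaviour described in the answer above, as an added sketch that is not part of the original post and is not Notes code: a local password check with no lockout state, where the wait before each prompt doubles after every failure. The class and function names, the 1-second base delay, the doubling factor and the one-hour cap are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time


class UnlockThrottle:
    """Local password check whose wait doubles after every failed attempt."""

    def __init__(self, password, base_delay=1.0, max_delay=3600.0, sleep=time.sleep):
        self._salt = os.urandom(16)
        self._key = self._derive(password)
        self.base_delay = base_delay   # assumed value, not taken from Notes
        self.max_delay = max_delay     # assumed cap so the wait stays finite
        self.failures = 0
        self._sleep = sleep            # injectable so tests do not really wait

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def next_delay(self):
        """Seconds the dialog waits before accepting the next attempt."""
        if self.failures == 0:
            return 0.0
        return min(self.base_delay * 2 ** (self.failures - 1), self.max_delay)

    def try_unlock(self, candidate):
        self._sleep(self.next_delay())
        ok = hmac.compare_digest(self._derive(candidate), self._key)
        # No lockout state exists: a correct password always works and resets the wait.
        self.failures = 0 if ok else self.failures + 1
        return ok


def total_wait(attempts, base_delay=1.0, max_delay=3600.0):
    """Cumulative seconds spent waiting in order to make `attempts` consecutive tries."""
    return sum(min(base_delay * 2 ** i, max_delay) for i in range(attempts - 1))


if __name__ == "__main__":
    waits = []  # constructed run: record the waits instead of sleeping
    t = UnlockThrottle("correct horse", sleep=waits.append)
    for guess in ["a", "b", "c", "d", "correct horse"]:
        print(guess, t.try_unlock(guess))
    print("waits:", waits)
    print("waiting time for 20 tries:", total_wait(20), "s")
```

Because the delay lives in the client rather than in a server-side account record, it slows guessing at the password dialog only; it does not replace a strong ID password.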