Lotus Domino
Platform Issues
Many email users are losing their Lotus/Domino password, and every time that happens, I have to create a new user for them and delete the old. Is there any other way to do it without losing the old user?

Answer Wiki


There are two easy ways to do this. First, you can create an ID Repository that keeps the IDs and passwords — a kind of backup copy. The only caveat is that if the user’s name or OU changes, you must update the Repository ID.

Mind you, this does NOT work with an ID saved in the Person Doc in the NAB. Those IDs don’t update should the initial OU or name change — and keeping IDs in the NAB is not a good idea anyway.

Second, I believe that Notes 6.x (6.5 for sure, not sure about lower versions) has a password recovery function. You’d have to read up on the details — we don’t use it here.

Finally, you might want to look at WHY your users are losing their passwords so frequently. Our users hardly ever lose theirs, but we have only a password strength of about 5 (moderately difficult) and we do not expire the passwords. I’ve only changed my password on my Notes three times in 6 years, mostly because I was bored with the old one. If you are requiring frequent password changes in Notes, you might have to look at how much this is really helping your organization’s security vs. how much it is compromising productivity.


Discuss This Question: 1  Reply

  • Brooklynegg
    Notes has a function called password recovery. It is something that has to be set up. Read about it in Domino Administrator Help that ships with Lotus Notes. In the index in the 6.5 help, there are four documents under IDs that should help you understand the process. This is the contents of the IDs - Recovering document.

    To recover from loss of, or damage to, an ID file, recommend to your users that they keep backup copies of their ID files in a secure place -- for example, on a disk stored in a locked area. Losing or damaging an ID file or forgetting a password has serious consequences. Without an ID, users cannot access servers or read messages and other data that they encrypted with the lost ID.

    To prevent problems that occur when users lose or damage ID files or forget passwords, set up Domino to recover ID files. Ideally, you should designate several administrators who will act as a group to recover IDs and passwords. Although you can designate a single administrator to manage ID recovery, you should consider having two or more administrators work together to recover ID files. Designating a group of administrators helps to prevent a breach of security by one administrator who has access to all ID files.

    When you designate a group of administrators, you can specify that only a subset of them be present during the actual ID recovery. For example, if you designate five administrators for ID recovery but require only three administrators to unlock the ID file, any three of the five can unlock the ID file. Designating a group of administrators and requiring only a subset also prevents problems that occur if one administrator is unavailable or leaves the company.

    Before you can recover ID files, an administrator who has access to the certifier ID file must specify recovery information, and the ID files themselves must be made recoverable. There are three ways to do this:

      • At registration, administrators create the ID file with a certifier ID that contains recovery information.
      • Administrators export recovery information from the certifier ID file and have the user accept it.
      • (Only for Domino 6 servers) Administrators change recovery information using a Domino 6 Administrator client. Subsequently, recovery information is added automatically to users' Notes IDs when users authenticate to their home server.

    Domino stores ID recovery information in the certifier ID file. The information stored includes the names of administrators who are allowed to recover IDs, the address of the mail or mail-in database where users send an encrypted backup copy of their ID files, and the number of administrators required to unlock an ID file. The mail or mail-in database contains documents that store attachments of the encrypted backup ID files. These files are encrypted using a random key and cannot be used with Notes until they are recovered.

    An encrypted backup copy of the ID file is required to recover a lost or corrupted ID file. Recovering an ID file for which the password has been forgotten is a bit easier. If the original ID file contains recovery information, administrators can recover the ID file, even if an encrypted backup ID file doesn't exist.

    You can set up ID recovery for user IDs at any time. If you do so before you register users, ID recovery information is automatically added to user IDs the first time that users authenticate with their home servers. If you set up ID recovery information after you have registered Notes users, recovery information is automatically added to the user IDs the next time users authenticate with their home servers.

    Caution: If your users will be enabling Smartcards to use with their Notes IDs, it is extremely important to set up ID recovery information for these IDs before any Internet keys are pushed onto the Smartcard. Otherwise, the ID file recovery process will not be able to restore those keys. Additionally, acquiring recovery information, through any means, makes any Internet keys that had been previously pushed to the Smartcard unrecoverable.

    How ID recovery works

    For each administrator, the user's ID file contains a recovery password that is randomly generated and encrypted with the administrator's public key. The password is unique for each administrator and user. For example, administrator Randi Bowker has a unique recovery password for user Alan Jones, and that password is stored in Alan's ID file. Administrator Randi Bowker has a unique recovery password for user Susan Salani, and that password is stored in Susan's ID file.

    To recover an ID, users and administrators do the following:

      1. A user contacts each designated administrator to obtain the administrator's recovery password.
      2. The administrator obtains the recovery password by decrypting the recovery password stored in the user's ID file using the administrator's private key.
      3. The administrator then gives the recovery password to the user.
      4. The user repeats Steps 1 through 3 until the minimum number of administrators to unlock the ID file is reached.
      5. After the file is unlocked, the user must enter a new password to secure the ID file.

    Tip: The same ID file can be recovered again using the same recovery passwords. However, you should urge users to refresh the recovery information and create a new backup by re-accepting the recovery information after they recover their ID files.

    When users acquire a new public key, accept a name change, or accept or create a document encryption key, Domino automatically sends updated encrypted backup ID files to the centralized database. In the case of a server-based certificate authority, the recovery database will be updated once the user has connected to the server. Recertifying a user does not generate an encrypted copy of the ID file to be sent to the recovery database as a user's Person Document already contains the updated public key.

    To help prevent unauthorized users from recovering IDs without the authorized user's knowledge, make sure that password verification is enabled for users and servers. If password verification is enabled, the authorized user is aware of the change because the user cannot access servers using the legitimate ID. When the unauthorized user recovered the ID file, that user was forced to make a password change. For more information on password verification, see the topic Verifying user passwords during authentication.

    As an extra precaution, after recovering IDs, ask users to re-accept the recovery information and then change the public key on their ID files. Re-accepting recovery information changes recovery password information in the ID file. Changing the public key changes the public and private keys stored in the ID file.
    3,845 points
