SECURITY


Setting up password verification
You can enable password verification through the use of a security policy settings document, which allows you to enable this feature for multiple users, or you can enable password verification on an individual basis through the IBM® Lotus® Domino® Directory.

You can also choose to lock out a user's ID, which prevents the user from logging into the server. You can lock out user IDs through a policy, or individually through the Person document.

Note It is a good practice to select one method of password verification or ID lockout. You cannot use both a policy and the appropriate setting in the Person document. Policy settings will always supercede any settings in Person documents.

To enable password verification for individual users

1. Make sure that:

2. From the Domino Administrator, click People & Groups.

3. Select each Person document for which you want to enable password checking.

4. Choose Actions - Set Password Fields, and then click Yes to continue.

5. In the Check Notes Password field, select "Check password."

6. Complete these fields, and then click OK:
FieldAction
Required change intervalEnter the length of time, in days, that a password can be in effect before it must be changed. Default is zero.
Allowed grace periodEnter the length of time, in days, that users have to change an expired password before being locked out. Default is zero, meaning that users are not locked out.
7. (Optional) You can also choose to force individual users to change their Internet passwords the next time they log in. In the "Force users to change Internet password on next login" dialog box, click Yes.

Caution Do not enable password expiration for users whose ID files are locked with Smartcards. Otherwise, it is possible that a user's ID could be locked out until password expiration can be cleared. You should also be sure that the required change interval and allowed grace period is set at zero.

To disable password verification for an individual user

When you disable password verification for a user, Domino does not check passwords for the user even if password verification is enabled for the server.

1. From the Domino Administrator, click People & Groups using a network connection to the Domino Directory.

2. Select each Person document for which you want to enable password checking.

3. Choose Actions - Set Password Fields, and then click Yes to continue.

4. In the Set Passwords Fields dialog box, select "Don't check password," and then click OK.

To lock out an individual user's ID

1. From the Domino Administrator, click People & Groups using a network connection to the Domino Directory.

2. Select the Person document of the user whose ID will be locked out.

3. Choose Actions - Set Password Fields, and then click Yes to continue.

4. In the Set Passwords Fields dialog box, select "Lockout ID," and then click OK.

To enable password verification on servers

To use password verification for IBM® Lotus® Notes® users, you must enable password verification for both users and servers. Do the following to enable password verification on each server with which these users authenticate:

1. From the Domino Administrator, click Configuration.

2. Open the Server document of the server for which you want to enable password verification.

3. Click Security, and then in the "Check passwords on Notes IDs" field, select Enabled.

4. Repeat for each server on which you want to enable password verification.

To disable password verification for a server

When you disable password verification for a server, Domino does not check passwords for any users who access the server, even if the user has password verification enabled.

1. From the Domino Administrator, click Configuration.

2. Open the server document of the server for which you want to disable password verification.

3. Click Security, and then in the "Check passwords on Notes IDs" field, select Disabled.

4. Repeat for each server on which you want to disable password verification.

Related topics