SECURITY


Preparing IDs for recovery
After you specify recovery information in the certifier ID, when you register users, the user IDs automatically contain recovery information. However, if you specified recovery information after generating user IDs, users must update their user IDs with recovery information supplied by the administrator. Updating IDs with recovery information automatically sends an encrypted backup of the user ID to the centralized mail or mail-in database.

Note: For recovery to work, the administrator ID and the user ID must have key sizes of 1024 or less.

There are two ways that users can update their user IDs with recovery information:


Users can determine whether recovery information is present in their user ID by checking whether the "Mail Recovery ID" button on the User Security dialog box is active. They can then click the button to send an encrypted backup of the user ID to the centralized mail or mail-in database.

To send recovery information to the user

The administrator completes these steps.

1. From the Domino Administrator, click the Configuration tab, and then click Certification.

2. Click Edit Recovery Information.

3. In the Choose a Certifier dialog box, if the correct server name does not appear, click Server and select the registration server name from the Domino Directory.

4. Choose the certifier for which you are creating recovery information.

5. Choose Export, and then enter the certifier ID's password.

6. Complete these fields, and then click Send:
Field | Enter
To | Names of users and groups whose ID files you want to back up.
CC | Names of users and groups to whom you want to send a copy of the message.
Subject | Information for users and groups that will appear in the Subject field of the message. If this field is blank, Notes uses the following text:

New ID file recovery information is attached. Please add it to your ID file by using the Actions menu "Accept Recovery Information" option.

Memo | Information for users and groups that will appear in the Body field of the message. Domino automatically attaches the encrypted backup file information to the message -- you do not need to specify it in this field.

To accept recovery information in the ID file

The user completes these steps.

1. After the administrator sends the recovery information, open the message in your mail database.

2. Choose Actions - Accept Recovery Information, and then enter your password.

3. Complete these fields, and then click Send.
Field | Enter
To | Name of the mail or mail-in database that will store the backup copy of your ID. IBM® Lotus® Domino® enters the name of the database specified by your administrator.
CC | Names of users and groups to whom you want to send a copy of the message.
Subject | Information for administrators that will appear in the Subject field of the message. If this field is blank, IBM® Lotus® Notes® uses one of the following messages:
  • Backup of newly changed recovery information for user name
  • Backup of recent changes to ID file for user name
Memo | Information for administrators that will appear in the Body field of the message. Domino automatically attaches the backup of the ID file to the message; you do not need to specify it in this field.

IBM® Lotus® Domino® automatically sends the encrypted backup ID file to the centralized mail or mail-in database specified by the administrator.

Note: You can store multiple copies of the ID file in the centralized mail or mail-in database. Domino creates a new document every time an ID file is backed up. When attempting to recover an ID file, use the most recent backup. If this fails, use the older versions.

To replace the standard message that appears on the recovery email with a custom message, use the Notes.ini variable ID_Recovery_Suppress_Recovery to suppress the creation of the recovery memo.
