Lotus Domino Administrator 8.5 Help - Setting up basic name-and-password authentication

SECURITY

Setting up basic name-and-password authentication
To enable basic name-and-password authentication, for both TCP and SSL, for all Internet protocols: Web (HTTP); IMAP; POP3; LDAP; SMTP Inbound; and IIOP, you must complete three separate procedures:

Create an Internet Site for the Internet protocol for which you want to require a name and password.
Edit the Server document to specify which Internet protocols require a name and password.
Create a Person document for each user in the IBM® Lotus® Domino® Directory on the Domino server and assign an Internet password to each user. It should be noted that users can be located instead in an external LDAP directory that is accessible to Domino through Directory Assistance.
Edit server database ACLs to give users access.

To enable basic name-and-password authentication for Internet Site documents

Note Be sure the option for the use of Internet Sites is enabled in the Server document.

1. From the Domino Administrator, click Configuration - Web - Internet Sites.

2. In the Internet Sites view, select the Internet Site document for which you want to enable name-and-password authentication.

3. In the Internet Site document, click Security.

If you want clients to use name-and-password authentication when they connect using TCP/IP, select Yes in the Name & password field in the TCP Authentication section.
If you set up SSL on the server and you want clients to use name-and-password authentication when they connect using SSL, select Yes in the Name & password field in the SSL Authentication section.

4. Save the document.

To enable basic name-and-password authentication in the Server document

Note Be sure the option for the use of Internet Sites is not enabled in the Server document.

1. From the Domino Administrator, click Configuration, and open the Server document.

2. Click Ports - Internet Ports. This displays four tabs: Web, Directory, Mail, and IIOP. Each tab lists protocols appropriate for its name -- for example, the Web tab lists HTTP/HTTPS, and the Mail tab lists IMAP, POP3, and SMTP.

3. Click the protocol for which you want to specify name-and-password authentication. For each protocol, do the following:

If you want clients to use name-and-password authentication when they connect using TCP/IP, select Yes in the Name & password field in the TCP/IP section.
If you set up SSL on the server and you want clients to use name-and-password authentication when they connect using SSL, select Yes in the Name & password field in the SSL section.

4. Save the document.

Note If you want LDAP clients to access the server using name-and-password authentication, you must also allow anonymous access for LDAP on the server as well. LDAP clients who access the server using a browser supply an e-mail address for authentication, and the client searches for the address anonymously before Domino can authenticate the user.

To create Person documents for Internet/intranet users

1. In the Domino Directory, create a Person document for each user who needs to access the server. (You can also edit the Person document of an existing user.)

Note

Users can also be created in secondary Domino directories or external LDAP directories, if your server is configured to use them.

2. In each Person document, complete these fields, and then save the document:

Field	Action
First name, Middle initial, Last name	Enter the user’s first name, middle initial, and last name. The user's last name is required.
User name	(Required) Enter the user’s full name. This is the name the user enters when trying to access a server. This field can contain multiple names. As Domino uses the first name in this field to validate a user in database ACLs, design access lists, groups, and File Protection documents, the first name in this field should be the user's Domino distinguished name (DN). The second name should be the common name (CN) portion of the DN. For example, this field can contain these names: Alan Jones/Sales/Acme Alan Jones Al Jones AJ When prompted for his name and password, the user can enter "Al Jones" as his name. However, Domino uses "Alan Jones/Sales/Acme" to validate him in database ACLs and design access lists. Therefore, the name “Alan Jones” must be the one that appears in ACLs and design access lists. Note You should always use the user's hierarchical name -- for example, Alan Jones/Acme/US -- to help eliminate ambiguous or duplicate user names.
Internet password	(Required) Specify the user’s Internet password.

To edit database ACLs

After you edit the Server document and create Person documents, edit the database ACL of each database to which you want to give users access.

Related topics

Understanding Internet site documents

Setting up SSL on a Domino server

Setting up Internet/intranet clients for anonymous access

Configuring a database ACL

Session-based name-and-password authentication for Web clients

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary