SECURITY


Using Notes client single logon to synchronize Notes and OS passwords
If your IBM® Lotus® Notes® users' Microsoft® Windows® passwords are synchronized with their Notes passwords, allowing them to use the same password for both Notes and their operating system, you (or they) must have selected the custom feature "Client Single Logon" while installing Notes.

Note: If possible, use the newer Notes shared login feature, which eliminates Notes passwords, rather than "Client Single Logon." Notes shared login is enabled through policy configuration. If "Client Single Logon" is installed on clients, it must be uninstalled before Notes shared login can be enabled.

The name of the user's computer cannot be the same as the operating system (OS) login name when using Client Single Logon. The IBM® Lotus® Domino®/Notes Client Single Logon feature does not work when the OS login name is identical to the computer name and the user logs in with the OS name. If Client Single Logon is not working properly on a user's system, change either the OS login user name or the computer name.

When users install Lotus Notes, they can choose the Notes option "Client Single Logon Feature." When installation is complete, users must restart the client to allow single logon to take effect.

When the user restarts Notes:


The single logon feature is then fully operational.

Note: To disable the Notes single login feature, click File - Security - User Security and disable the "Login to Notes using your operating system login" setting in the "Your Login and Password Settings" area of the Security panel. After disabling single sign-on, use your Windows password to log in to Notes.

OS and Domino password policies must be aligned as closely as possible to allow password synchronization to work. During OS password changes, the Notes Network Provider must be able to change the Notes ID to the new password provided by the OS. Notes is notified of the new OS password only after the OS password has been changed. If the new OS password does not meet the Notes password quality and history requirements, the Notes password change will fail.

During Notes password changes, the Notes client must be able to change the OS password to the new Notes password. If the new Notes password does not meet the OS password quality and history requirements, the OS password change will fail.

For bidirectional password synchronization, the Notes Network Provider must be able to access a user's NOTES.INI file and Notes ID file. The table below shows the required location for the NOTES.INI file according to type of installation:

Install Type    Location
Single User     The NOTES.INI file must exist in the Notes directory as specified in the HKEY_LOCAL_MACHINE registry key.
Multi User      The NOTES.INI file must be specified in the HKEY_USERS registry key: ("<sid>\SOFTWARE\Lotus\Notes\8.0\NotesIniPath")

Operating system (OS) password changes, that is, password changes that are initiated outside of Lotus Notes, occur in the system access control environment; therefore, the NOTES.INI file and the Notes ID file must reside on a local drive.
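
The following PowerShell preflight is an added example, not part of the IBM documentation. For a multi-user install it tests the conditions stated above: the OS login name differs from the computer name, NotesIniPath is set under the user's HKEY_USERS key, and NOTES.INI is on a local drive. The function name Test-NotesSingleLogonPrereq is hypothetical, and the script assumes the NotesIniPath value holds the full path of the NOTES.INI file.

```powershell
# Added example (not IBM code). The function name is hypothetical.
# Assumption: NotesIniPath holds the full path of the user's NOTES.INI file.
function Test-NotesSingleLogonPrereq {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [string]$UserName     = $env:USERNAME,
        [string]$Sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    )

    # Client Single Logon does not work when the OS login name equals the computer name.
    if ($ComputerName -ieq $UserName) {
        "FAIL: OS login name '$UserName' is identical to the computer name."
    }

    # Multi-user install: NOTES.INI is specified under HKEY_USERS\<sid>.
    $key  = "Registry::HKEY_USERS\$Sid\SOFTWARE\Lotus\Notes\8.0"
    $prop = Get-ItemProperty -Path $key -Name NotesIniPath -ErrorAction SilentlyContinue
    if (-not $prop -or -not $prop.NotesIniPath) {
        "FAIL: NotesIniPath is not set under HKEY_USERS\$Sid\SOFTWARE\Lotus\Notes\8.0."
        return
    }
    $iniPath = [string]$prop.NotesIniPath

    # OS-initiated password changes need NOTES.INI on a local drive, so reject
    # UNC paths, relative paths, and drive letters mapped to a network share.
    $root = [System.IO.Path]::GetPathRoot($iniPath)
    if (-not $root -or $root -notmatch '^[A-Za-z]:\\$') {
        "FAIL: '$iniPath' is not an absolute drive-letter path."
    }
    else {
        $drive = New-Object System.IO.DriveInfo -ArgumentList $root
        if ($drive.DriveType -eq [System.IO.DriveType]::Network) {
            "FAIL: '$iniPath' is on a network drive, not a local drive."
        }
    }

    if (-not (Test-Path -LiteralPath $iniPath -PathType Leaf)) {
        "FAIL: NOTES.INI not found at '$iniPath'."
    }
}

# Run for the logged-on user and summarize.
$findings = @(Test-NotesSingleLogonPrereq)
if ($findings.Count -eq 0) { 'OK: no blocking condition found.' } else { $findings }
```

Run it in the affected user's session, since that user's HKEY_USERS hive is loaded only while they are logged on.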

To check whether the single logon feature is already installed, choose File - Security - User Security - Security Basics. If the client single logon feature is installed, the option "Login to Notes using your operating system login" is enabled.
