This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


Nov 6, 2015, 9:12 AM
7 Posts

Prevent people from logging in with a specific ID

  • Category: Administration
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 3

Dear all,

In my Domino environment, we have a specific Admin ID whose password a lot of IT people know.

For security reasons, I would like to change this password to prevent people from connecting with this ID.

My problem is that a lot of people should have a local copy of this ID, so even if I change the password, they will be able to connect with the copy and the old password.

And because this ID is used to sign a lot of databases, I cannot delete it.

Can someone help me to sort this out?

Nov 6, 2015, 12:53 PM
43 Posts
Enable password checking first before changing password

First you need to enable password checking and then change the password for that ID. That way, even if someone has a copy of that ID and knows the old password, they cannot use it to access your server, since your server will check the password and compare it with the latest password it has.

After that you can review whether or not you actually need to distribute the ID. There are features like Certificate Authority or Password Reset Authority that allow you to delegate administration functionalities. 

Nov 6, 2015, 12:59 PM
107 Posts
There's a setting for this in Domino Directory
Domino Directory > Open the relevant person record (i.e., the one that corresponds to your admin ID) in Edit mode. > Change to the Administration tab. > In the section titled 'Password Management', change the value of the 'Check password' field to 'Check password'. > Save and close the person record.

The setting will take effect next time a user authenticates with the server using the admin ID. An encrypted copy of the password will then be stored in the admin's person record. From then on, every time someone authenticates using the same ID, the password stored in the ID file will be compared against the encrypted copy of the password as stored in the person record. Access will be granted only if both are the same.

Next time you log in with said admin ID, change the password for that ID right away. The changed password will then be registered in the person record. Make sure nobody else does the same before you do it, because otherwise you might end up being locked out yourself.

Note, however, that ID files with the old password can still be used in a purely local environment (while not connected to a server).

Nov 14, 2015, 1:39 AM
4 Posts
Key rollover then compare public keys
Since you have users who have a local copy of this admin.id, instead of blocking their copy of the admin ID, I suggest that you JUST allow the copy of the admin.id that you have.
First you will have to do the rollover for the admin.id (this should generate a new public key).
Then, after the whole rollover process is finished (might take a while), you should enable public key checking on the server document(s).

Roll over
http://www-12.lotus.com/ldd/doc/domino_notes/7.0/help7_admin.nsf/855dc7fcfd5fec9a85256b870069c0ab/3780d1607d87982c8525706f0065d651?OpenDocument


Public key checking
https://www-01.ibm.com/support/knowledgecenter/SSKTMJ_9.0.1/admin/conf_comparingpublickeyvalues_t.dita
