SECURING


Examples of name variations allowed for Internet client authentication

The level of security partially depends on the number of name variations. Limiting the number of name variations users can employ during Internet authentication provides for greater security.

Allowing more variations

Using the More name variations authentication level, Alan Jones/Sales/East/Renovations can enter the following names when using a browser to authenticate with a Domino® Directory:

Table 1. Names that can be used when authenticating with less security
Example Description
Alan JonesCommon name
AlanFirst name
JonesLast name
AjonesShort name
Alan Jones/Sales/East/Renovations/USFull hierarchical name (abbreviated)
cn=Alan Jones/ou=East/ou=Sales/o=Renovations/c=usFull hierarchical name (canonical)
cn=Alan JonesCommon name with CN=prefix
alan_jones@renovations.comInternet (e-mail) address

If you want to authenticate Alan in an LDAP Directory, he can use a browser to enter the following names:

Table 2. Names that can be used to authenticate in an LDAP directory with weaker security
ExampleDescription
Alan JonesCommon name
AlanGivenname
JonesSurname
AjonesUID
cn=Alan Jones, cn=recipients, ou=Sales, ou=East, o=Renovations, c=us (valid for a Microsoft™ Exchange server)Full hierarchical name (canonical)
cn=Alan Jones (valid for Domino Directory)Common name with CN=prefix
uid=ajones, ou=Sales, ou=East, o=Renovations, c=us (valid for a Netscape Directory Server)Full hierarchical name (canonical)
uid=ajones (valid for Netscape Directory Server)UID with UID=prefix
Alan Jones/Sales/East/Renovations/USFull hierarchical name (abbreviated)
alan_jones@renovations.comLDAP mail attribute

Allowing fewer name variations

Using the Fewer name variations authentication level, Alan Jones/Sales/East/Renovations can enter only the following names when using a browser to authenticate with a Domino Directory:

Table 3. Names that can be used when authenticating with higher security
ExampleDescription
Alan Jones/Sales/East/RenovationsFull hierarchical name (abbreviated)
CN=Alan JonesCommon name with CN= prefix
Alan JonesCommon name
cn=Alan Jones/ou=East/ou=Sales/o=Renovations/c=usFull hierarchical name (canonical)
alan_jones@renovations.comInternet (e-mail) address

If you want to authenticate Alan in an LDAP Directory, he can use a browser to enter the following names:

Table 4. Names that can be used to authenticate in an LDAP directory with higher security
ExampleDescription
AJonesUID
Alan JonesCN
cn=Alan Jones, cn=recipients, ou=Sales, ou=East, o=Renovations, c=us (valid for a Microsoft Exchange server)DN
cn=Alan Jones (valid for a Domino Directory)CN with CN=prefix
uid=ajones, ou=Sales, ou=East, o=Renovations, c=us (valid for a Netscape Directory Server)DN
uid=Ajones (valid for a Netscape Directory Server)UID with UID= prefix
alan_jones@renovations.comLDAP mail attribute

Parent topic: Controlling the level of authentication for Internet clients

Related tasks
Controlling the level of authentication for Internet clients