To control user and server access to other servers, Domino® uses the settings you specify on the Security tab in the Server document as well as the rules of validation and authentication. If a server validates and authenticates the Notes® user, Internet user, or server, and the settings in the Server document allow access, the user or server is allowed access to the server.
Grant server access to users and servers who need to access resources stored on the server. Deny access to prevent specified users and servers from having access to all applications on the server.
The access settings in the Server document can control server access for both Notes and Internet users. By default, these settings apply only to Notes clients. You can enable them for each of the Internet protocols through the Ports tab of the Server document.
Types of server access controls
Server access list
The server access list controls the access that Notes users, Domino servers, and users who access the server using Internet protocols (HTTP, IMAP, LDAP, POP3) have to that server. Keep in mind that using a server access list activates an additional security check and can, therefore, increase the time required to access the server.
Deny access list
The deny access list denies access to Notes users and Internet clients you specify. For example, use a deny access list to prevent access by users who no longer work for your company but who may still have their Notes user IDs, or who still have a Person document in the Domino Directory with a legitimate Internet password and would otherwise be able to access the server using an Internet protocol.
Notes ID lock out
Notes ID lock out denies access to Notes users you specify. Like a deny access list, Notes ID lock out prevents access by users who no longer work for your company but who may still have their user IDs.
Anonymous access
Anonymous access lets Notes users and Domino servers access the server without having the server validate and authenticate them. Use anonymous access to provide the general public with access to servers for which they are not cross-certified. When you set up anonymous server access, Domino does not record the names of users and servers in the log file (LOG.NSF) or in the User Activity dialog box.
When users attempt to connect to a server set for anonymous access and the server can't authenticate them, they see this message:
Server X cannot authenticate you because the server's Domino Directory does not contain any cross-certificates capable of authenticating you. You are now accessing the server anonymously.
You can also set up Internet clients to access servers anonymously.
Network port access
Network port access allows or denies access to specified Notes users and Domino servers, based on the network port they try to use. For example, you can deny access to Alan Jones/Sales/East/Renovations when he dials into the server but allow access when he uses TCP/IP to connect to the server.
Customizing access to a Domino server
After you set up basic access for HCL Notes users and HCL Domino servers, you can customize access to restrict specific users and servers to specific activities.
Validation and authentication for Notes and Domino
Whenever a Notes client or Domino server attempts to communicate with a Domino server to replicate, route mail, or to access a database, two security procedures use information from the client or server ID to verify that the client or server is legitimate. Validation establishes trust of the client's public key. If validation occurs successfully, authentication begins. Authentication verifies user identity, and uses the public and private keys of both the client and the server in a challenge/response interaction.