SECURING


Setting up password verification

You can enable password verification through the use of a security policy settings document, which allows you to enable this feature for multiple users, or you can enable password verification on an individual basis through the Domino® Directory.

Before you begin

Make sure that:


About this task

You can also choose to lock out a user's ID, which prevents the user from logging into the server. You can lock out user IDs through a policy, or individually through the Person document.

Note: You cannot use both a policy and the Person document. Policy settings will always supersede any settings in Person documents.

CAUTION: Do not enable password expiration for users whose ID files are locked with Smartcards. Otherwise, it is possible that a user's ID could be locked out until password expiration can be cleared. You should also be sure that the required change interval and allowed grace period is set at zero.

Parent topic: Domino server and Notes user IDs

To enable password verification for individual users

Procedure

1. From the Domino Administrator, click People & Groups.

2. Select each Person document for which you want to enable password checking.

3. Choose Actions -> Set Password Fields, and then click Yes to continue.

4. In the Check Notes Password field, select Check password.

5. Complete these fields, and then click OK:

6. Optional: You can also choose to force individual users to change their Internet passwords the next time they log in. In the Force users to change Internet password on next login dialog box, click Yes.

To disable password verification for an individual user

About this task

When you disable password verification for a user, Domino does not check passwords for the user even if password verification is enabled for the server.

Procedure

1. From the Domino Administrator, click People & Groups using a network connection to the Domino Directory.

2. Select each Person document for which you want to enable password checking.

3. Choose Actions -> Set Password Fields, and then click Yes to continue.

4. In the Set Passwords Fields dialog box, select Don't check password, and then click OK.

To lock out an individual user's ID

Procedure

1. From the Domino Administrator, click People & Groups using a network connection to the Domino Directory.

2. Select the Person document of the user whose ID will be locked out.

3. Choose Actions -> Set Password Fields, and then click Yes to continue.

4. In the Set Passwords Fields dialog box, select Lockout ID, and then click OK.

To enable password verification on servers

About this task

To use password verification for Notes users, you must enable password verification for both users and servers. Do the following to enable password verification on each server with which these users authenticate:

Procedure

1. From the Domino Administrator, click Configuration.

2. Open the Server document of the server for which you want to enable password verification.

3. Click Security, and then in the Check passwords on Notes IDs field, select Enabled.


4. Repeat for each server on which you want to enable password verification.

To disable password verification for a server

About this task

When you disable password verification for a server, Domino does not check passwords for any users who access the server, even if the user has password verification enabled.

Procedure

1. From the Domino Administrator, click Configuration.

2. Open the server document of the server for which you want to disable password verification.

3. Click Security, and then in the Check passwords on Notes IDs field, selectDisabled.

4. Repeat for each server on which you want to disable password verification.

Related concepts
Verifying user passwords during authentication
The Administration Process

Related tasks
Creating a security policy settings document