Let me make sure I understand the setup here…Authentication to the Domino server is not handled by Domino itself. You are using the Tivoli Access Manager WebSEAL product to provide two-factor authentication for connection requests. So, by the time a user connects to Domino, they have already been authenticated to your overall network. Assuming this is correct, here is my take on it:
I guess you could set Anonymous=Editor. This would give anyone connecting to Domino Editor access, since he/she has already been authenticated by WebSEAL. The problem with this is that Domino never knows the identity of any user. So you cannot distinguish someone who should be Author from someone who should be Editor or Reader, etc. Also, Domino won't know the name of any user. (Your code could ask their names, but they could lie, since...
you are not authenticating their names.)
So, I guess your scheme is "secure" in the sense that only valid users can connect to the Domino server, and you want any such user to be Editor (or maybe Author). But you will have to think carefully about what you want the Domino application to do. Will it really work right if every user is Anonymous and cannot reliably be distinguished from every other user?
(If any other reader has experience with this setup, I would love to hear about it.)
Related Q&A from Chuck Connell
Is it possible to encrypt a user's name before sending an email? SearchDomino.com expert Chuck Connell weighs in.continue reading
Learn how to change authentication timeout interval for Domino Web Access logins.continue reading
SearchDomino.com expert Chuck Connell provides a resource for a Lotus Notes administrator who wants to filter out email containing the word "spam," ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.