Let me make sure I understand the setup here…Authentication to the Domino server is not handled by Domino itself. You are using the Tivoli Access Manager WebSEAL product to provide two-factor authentication for connection requests. So, by the time a user connects to Domino, they have already been authenticated to your overall network. Assuming this is correct, here is my take on it:
I guess you could set Anonymous=Editor. This would give anyone connecting to Domino Editor access, since he/she has already been authenticated by WebSEAL. The problem with this is that Domino never knows the identity of any user. So you cannot distinguish someone who should be Author from someone who should be Editor or Reader, etc. Also, Domino won't know the name of any user. (Your code could ask their names, but they could lie, since you are not authenticating their names.)
So, I guess your scheme is "secure" in the sense that only valid users can connect to the Domino server, and you want any such user to be Editor (or maybe Author). But you will have to think carefully about what you want the Domino application to do. Will it really work right if every user is Anonymous and cannot reliably be distinguished from every other user?
(If any other reader has experience with this setup, I would love to hear about it.)
This was first published in April 2004