QUESTION & ANSWER

Ask the Experts: Frederic Dahm answers security questions

By Dana L. McCurley 28 Mar 2003 | SearchDomino.com

Digg This!     StumbleUpon     Del.icio.us

SearchDomino.com: I have two Domino R5.05 application/mail servers that I would like to create an "intranet" of sorts on. My intent is to allow Webmail users to also be able to access their NT Server-based file storage folders. We currently use WebMailRedirect for the mail files with Custom Login Forms.

How do I allow authenticated Domino users to also authenticate and browse/upload/download NT files?
Frederic Dahm: One way you may be able to do this is to use Microsoft IIS as the HTTP stack for the Domino server. In this case, via ISAPI, you can rely on NT credentials to be used to authenticate users when they access the Domino/IIS server. All requests to .NSF files will be passed on to the Domino server and all other requests will be treated by the IIS server, which would potentially be able to do what you want, but you'll have to be mindful of the security settings of the IIS server, especially if you let users browse, upload and download files located on the file system.

I hope this helps.

SearchDomino.com: How can I recover a password?
Frederic Dahm: The answer is "it depends," since there are a number of passwords managed in Notes/Domino and the answers vary between Notes ID passwords and Web passwords. I'll try to cover all types.

Let's first handle passwords used to protect Notes IDs. The purpose of these passwords is simply to decrypt the information contained in the ID so that the authentication/validation process can take place. I won't detail this process here, I'll just ask you to consult the Redbook about it, which can be found here.

In regards to recovering Notes ID passwords, I believe that the best information for you resides in the Nov. 1, 2001 article by Timothy Speed and Mary LaRoche entitled -- plainly enough -- ID password recovery.

In regards to Web passwords (i.e., the password potentially contained in each Person Document in the Domino Directory), this is a little bit different. Since this is a string contained in the document, simply tell the person, if he/she has forgotten it, to think of another good password and enter it in the person's document (remember to press quickly the F9 function key to have it hashed so that someone won't be able to read it over your shoulder).

SearchDomino.com: We are running Domino 5.0.10 and a mix of the 5.0.7 & 5.0.10 Notes clients. For some reason I have had two users whose inboxes have vanished from their Notes client. From what they tell me they didn't delete it.

I was wondering how to restore the inbox and if you had any experience as to why this would be happening? Any information you can give would be appreciated.
Frederic Dahm: I've had a problem a little bit like yours at a client site, where a handful of users suddenly ended up with a second inbox. The Lotus Notes On Data Structure (ODS) is a very robust data structure, but sometimes corruption can occur and bring with it some weird behavior. This was the case with some of the databases at the client site and seems to be the case with your two users.

The fix is straightforward. Go to the Workspace, Press the right Ctrl and Shift buttons, right-click on the database's icon, select Database then Go to.... This will bring up a dialog box of all views and folders (even the hidden ones -- a nifty trick to remember). Scan to see if the Inbox folder is there. It could be that it still is there but has been renamed in some sort of way. If it's there, delete it. If it's not there, well, it's been obviously deleted.

To restore the Inbox, run the database through a refresh design, by again right-clicking on the database icon and selecting Database then Refresh Design... This will ensure that all the elements in the template are present in the database and thus, the inbox will be restored that way.

Finally, as to why this would happen for only a couple of users, I'm sorry to say I can't really tell with the information I have at hand.

Frederic has more questions to answer as well:
Read on: Part 2.

Tags: Lotus Notes Domino Password Management,  Lotus Notes Domino Access, Permissions and Authentication,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Lotus Notes Domino Password Management An introduction to ID Vault in Lotus Notes/Domino 8.5 How to manage passwords to secure Lotus Notes/Domino environments An introduction to Lotus Notes password options and essentials Secure Lotus Notes 8 with the Internet password lockout feature Lotus Notes Domino password management tips Cracked users' HTTP passwords still a threat on many Lotus Notes R6 and R7 domains Multiple new Sober variants spy on passwords Resetting a Lotus Notes password FAQ: Lotus Notes Domino password issues Hashing out stronger password authentication Lotus Notes Domino Access, Permissions and Authentication Display Lotus Notes user group membership details in a tree view How DirLint verifies data in Lotus Notes Domino 8 directories Fix and update Lotus Notes documents with limited access Lotus Notes access error: 'database is not opened yet' Formula language button manages Deny Access list searches Update the ACL from the Roles view with LotusScript Secure Lotus Notes 8 with the Internet password lockout feature Find a Lotus Notes user within NAB Deny Access groups Move a Lotus Domino server to a new certifier without a reinstall Troubleshoot Lotus Notes Out of Office (OOO) agent error messages

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary