When the Domino Certificate Authority and ID/password recovery features do not work correctly, they can be a source of great frustration to Notes/Domino administrators.
Last month I wrote about the benefits of using these two features together. This new article will provide some additional information to help your implementation go smoothly. This information will for the most part apply to password recovery, whether or not you are using the Domino Certificate Authority. It will also discuss some improvements found in R7.
Resetting a password
Most of what is written about ID/password recovery (including my own articles) concerns how to set it up correctly. In practice, however, the feature is most common used to reset a forgotten password or restore a corrupted ID. The Notes documentation on these operations can be confusing, due to different meanings of the word "password."
There are two key ideas for users to understand about password reset.
A user who forgets their password should take the following steps:
To help a user reset a Notes ID password, an administrator should take the following steps:
Recovering an ID file
Recovering a lost or corrupted ID file is the same as resetting the password for an existing ID file, with one addition. Before the process can begin, ask a Notes administrator to send you the latest encrypted backup copy of your ID file (from the ID Recovery database).
Since you are locked out of your Notes workstation, the administrator cannot simply send the ID to you by e-mail. You will need to retrieve the backup ID file either by going to the administrator's office, using a co-worker's e-mail account or by getting the file put on a diskette or CD and having it sent to you by snail mail.
Once you have the backup ID file, install it into the Notes\
Data directory on your computer. If the file comes to you with a temporary name, such as ~~tmpid.ide, you should rename it to some
To continue reading for free, register below or login
To read more you must become a member of SearchDomino.com
thing more meaningful, such as firstname_lastname.id.
(If all IDs are stored in a shared network folder, the administrator may do some of these steps for you, by placing the ID file directly in the network folder. In some cases, administrators can put the ID file directly onto your C drive.)
Password reset can now proceed just as outlined above, as if you had forgotten the password for the ID.
Backup IDs in recovery database
When an administrator makes changes to recovery information in a certifier, that information is pushed out to each user's ID file. In turn, a new encrypted backup copy of the ID file is sent from each user to the ID Recovery database on the server. Both of these operations happen silently and automatically. In some instances, however, administrators have reported that Notes takes a long time to send users' backup ID files to the ID Recovery database. If this is the case, here are some tricks that may move things along.
Notes/Domino R7 contains two useful additions to the password recovery feature. The first is that the length of the recovery password is configurable, so it can be less than 16 characters. This is helpful if the users in your organization often forget their passwords, and if you are willing to sacrifice some security for convenience.
The second enhancement is that there is better logging of Notes client operations during the silent process of sending new recovery information to user ID files, and the transmission of new backup IDs to the server. These log entries are found in the local log.nsf on each user's workstation.
One final word of advice that applies to all versions of Notes/Domino: Certifiers themselves, whether top-level or organization unit, cannot be reset by password recovery. So be sure to remember those certifier passwords.
For further information, you can check out Domino Administrator 7 Help / Index / IDs / Recovering or Notes 7 Help / Index / Passwords / Recovering.
Chuck Connell is president of CHC-3 Consulting, which helps organizations with all aspects of Domino and Notes.
