Secure Lotus Notes 8 with the Internet password lockout feature

Secure Lotus Notes 8 with the Internet password lockout feature

With a growing number of security threats, Lotus Notes Domino administrators may want to track and log all access attempts to their HTTP environments. A new option in Lotus Notes Domino 8 -- the Internet password lockout feature -- gives administrators added security.

    Requires Free Membership to View

    Login

    Register today to access targeted resources from our editorial writers and independent industry experts focused on Lotus Domino, Notes, Workplace and other related technologies.

    By submitting your registration information to SearchDomino.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchDomino.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Related resources from SearchDomino.com:
Tutorial: Upgrading to Lotus Notes Domino 8

Cracked users' HTTP passwords still a threat on many Lotus Notes R6 and R7 domains

Lotus Notes Domino Password Management Reference Center

The Internet password lockout feature provides a mechanism, through the inetlockout.nsf database, to track all access attempts to the HTTP environment. An Internet lockout database can be created manually during server startup, after the process has been configured or during the first request to view a Lotus Notes document. It can also be created when generating a document within the Lotus Notes database.

Note: For the newly created database to work, the service must be running for 10 minutes unless you reboot the Lotus Domino server.

Administrators can enable the Internet password lockout feature for the entire environment through a configuration document. It can also be enabled using a security policy that locks out users from HTTP access on an individual basis. Both methods include the same options.<

The configuration setting:

  • Enables the feature

  • Sets the logging feature to report lockouts and/or failures

  • Sets the maximum number of attempts allowed; lockout expiration times in minutes, hours and days; and the maximum interval between tries in minutes, hours and days.

The lockout feature only applies to HTTP access. A traditional anti-spoofing mechanism is leveraged within the Notes client; therefore, this feature doesn't support services such as LDAP, POP, IMAP, DIIOP, Lotus Quickplace and Lotus Sametime. Additionally, if your Lotus Notes Domino environment uses a customized DSAPI filter, the Internet password lockout feature may not function because these filters can be coded to bypass the standard Domino login facility.

Do you have comments on this tip? Let us know.

This tip was submitted to the SearchDomino.com tip library by member Jim Mck. Please let others know how useful it is via the rating scale below. Do you have a useful Lotus Notes, Domino, Workplace or WebSphere tip or code snippet to share? Submit it to our monthly tip contest and you could win a prize.

This was first published in June 2008

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Back to top