The Internet password lockout feature provides a mechanism, through the inetlockout.nsf database, to track all access attempts to the HTTP environment. An Internet lockout database can be created manually during server startup, after the process has been configured or during the first request to view a Lotus Notes document. It can also be created when generating a document within the Lotus Notes database.
Note: For the newly created database to work, the service must be running for 10 minutes unless you reboot the Lotus Domino server.
Administrators can enable the Internet password lockout feature for the entire environment through a configuration document. It can also be enabled using a security policy that locks out users from HTTP access on an individual basis. Both methods include the same options.<
The configuration setting:
- Enables the feature
- Sets the logging feature to report lockouts and/or failures
- Sets the maximum number of attempts allowed; lockout expiration times in minutes, hours and days; and the maximum interval between tries in minutes, hours and days.
The lockout feature only applies to HTTP access. A traditional anti-spoofing mechanism is leveraged within the Notes client; therefore, this feature doesn't support services such as LDAP, POP, IMAP, DIIOP, Lotus Quickplace and Lotus Sametime. Additionally, if your Lotus Notes Domino environment uses a customized DSAPI filter, the Internet password lockout feature may not function because these filters can be coded to bypass the standard Domino login facility.
Do you have comments on this tip? Let us know.
This tip was submitted to the SearchDomino.com tip library by member Jim Mck. Please let others know how useful it is via the rating scale below. Do you have a useful Lotus Notes, Domino, Workplace or WebSphere tip or code snippet to share? Submit it to our monthly tip contest and you could win a prize.
This was first published in June 2008