When we installed Domino to the AS/400, we had another company help us with this. As they were going through their instructions, this person made it very clear that we shouldn't change the passwords for these user.id, server.id, and cert.id's. When we created the Domino servers, these IDs all got created with the same password. We have found that we need to replace our current Lotus Notes Administrator on the AS/400 and I am concerned, because he has these IDs loaded at home, and has access externally.
What do I need to do to change these passwords, so our company will feel secure? What does it affect? Will I have to re-certify everyone's IDs? Is it as simple as using the CHGDOMSVR command, and re-issuing the new server IDs to the remaining administrators?
I will recap our phone conversation, for the benefit of other readers.... Since your previous administrator has a copy of the server and certifier IDs (and knows their passwords), you are in a bit of a jam. Changing the passwords on your copies of these IDs won't help, since he still has his own copies that he can use. (The passwords are local to a particular copy of an ID file.) With the server ID he can masquerade as the server, and with the certifier he can create new user IDs with identical names to existing IDs.
We agreed that you should create a new certifier, with a new name. Then you can use the new certifier to make a new server ID and new user IDs. Change the ACLs on your databases to use the new organization name. This is some work, but you can then lock out any ID (including the servers) with the old organization certifier.
Best of luck,
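
The ACL step in the answer above, as an added example that is not part of the original Q&A and is not Lotus/IBM code: a Python script that takes ACL entries already exported to a list and marks which ones still name the old organization certifier. The organization names `AcmeOld` and `AcmeNew` and all entries are constructed, and names are assumed to carry no country (C) component.

```python
# Added example: plan ACL changes when moving to a new organization certifier.
# All names are constructed sample data, not taken from the Q&A.

def org_of(name):
    """Return the organization component of a hierarchical Notes name,
    or None for flat names (groups, -Default-) and unrecognized forms.
    Assumption: no country (C) component follows the organization."""
    parts = [p.strip() for p in name.split("/")]
    if len(parts) < 2:
        return None
    last = parts[-1]
    # Canonical form labels components (O=Acme); abbreviated form does not.
    if "=" in last:
        label, _, value = last.partition("=")
        return value if label.upper() == "O" else None
    return last

def rename(name, new_org):
    """Swap the organization, keeping canonical or abbreviated form."""
    head, _, last = name.rpartition("/")
    return f"{head}/O={new_org}" if "=" in last else f"{head}/{new_org}"

def plan_acl(entries, old_org, new_org):
    """Classify each entry as replace (old certifier), keep, or review."""
    plan = []
    for entry in entries:
        org = org_of(entry)
        if org is None:
            # Flat names cannot be judged from the name alone.
            plan.append(("review", entry, None))
        elif org.lower() == old_org.lower():
            plan.append(("replace", entry, rename(entry, new_org)))
        else:
            plan.append(("keep", entry, None))
    return plan

# Constructed ACL export for one database.
SAMPLE_ACL = [
    "-Default-",
    "LocalDomainAdmins",
    "CN=Mail01/O=AcmeOld",
    "Jane Doe/Sales/AcmeOld",
    "*/AcmeOld",
    "Partner User/OtherCo",
]

if __name__ == "__main__":
    for action, old, new in plan_acl(SAMPLE_ACL, "AcmeOld", "AcmeNew"):
        print(f"{action:8} {old}" + (f" -> {new}" if new else ""))
```

Wildcard entries such as `*/AcmeOld` admit any ID issued under the old certifier, so they are the first entries to replace.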