Q

How can you prevent someone from using a copy of a cert ID with a different password?

I've read your explanations about security on the IDs, but I still have an unanswered question about the cert ID. I can change the password and even the public key via the Admin client using ID properties, but how can I prevent someone from using a copy of a cert ID with a different password? You don't have any Person document with which you can make the link and check the options "Check password...."

I was thinking about the "Check public key," but in this case I need to generate another public key for the certifier ID with other possible problems, and I must implement the solution for the whole company.

Do you have any magic solution?

The first, and obvious, answer is that all organizations should protect their certifier IDs very carefully. Having said that, this is difficult to do in practice. It is nearly impossible to prevent a trusted system administrator from taking home a copy of the cert ID on a diskette. However, Domino has two features which, taken together, give you pretty good protection.

  • The "check public keys" option on the server prevents someone from creating a bogus account for a real user. If someone uses a stolen cert ID to make a new ID with the same name as an existing user, that new ID will have a different public key than the real user. So the bogus ID file will not work.

  • The server option to "only allow users listed in the NAB" prevents someone from creating new (unauthorized) user ID files offline. If such an ID is created, it will be signed with the real organization certifier, but it won't be listed in the NAB, so it will not have server access.
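
The following is an added example, not part of the original answer and not Domino code: a simplified Python model of the access decision described above, showing why the two options only close both gaps when enabled together. The names, keys, the `NotesId` class and the `server_allows` function are all constructed for illustration, and the model assumes the key comparison applies only to users who have a directory entry.

```python
from dataclasses import dataclass

# Constructed directory (NAB) contents: user name -> public key on record.
DIRECTORY = {"Alice Smith/Acme": "key-alice-original"}
ORG_CERTIFIER = "/Acme"  # hypothetical organization certifier name

@dataclass(frozen=True)
class NotesId:
    name: str
    public_key: str
    certified_by: str  # certifier that signed this ID file

def server_allows(id_file, check_public_keys, only_listed_users):
    """Simplified model of the server's decision; not Domino's implementation."""
    # The ID must be certified by the organization certifier. An ID created
    # with a copied certifier passes this step, which is the problem at hand.
    if id_file.certified_by != ORG_CERTIFIER:
        return False
    listed_key = DIRECTORY.get(id_file.name)
    # "Only allow users listed in the NAB": unknown names are refused.
    if only_listed_users and listed_key is None:
        return False
    # "Check public keys": a listed name must present the key on record.
    # Assumption: with no directory entry there is nothing to compare against.
    if check_public_keys and listed_key is not None:
        if listed_key != id_file.public_key:
            return False
    return True

# Constructed sample IDs, all certified by the same organization certifier.
GENUINE = NotesId("Alice Smith/Acme", "key-alice-original", ORG_CERTIFIER)
SAME_NAME_COPY = NotesId("Alice Smith/Acme", "key-made-offline", ORG_CERTIFIER)
UNLISTED_NEW = NotesId("Temp User/Acme", "key-temp", ORG_CERTIFIER)

def decision_table():
    """Map (check_public_keys, only_listed_users) to the three access results."""
    ids = (GENUINE, SAME_NAME_COPY, UNLISTED_NEW)
    return {
        (keys, listed): tuple(server_allows(i, keys, listed) for i in ids)
        for keys in (False, True)
        for listed in (False, True)
    }

if __name__ == "__main__":
    print("(check keys, listed only) -> (genuine, same-name copy, unlisted new)")
    for options, result in decision_table().items():
        print(options, "->", result)
```

In this model, only the row with both options enabled admits the genuine ID while refusing the other two; each option on its own still admits one of the IDs made with the copied certifier.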
