Manage Learn to apply best practices and optimize your operations.

Secure Lotus Notes 8 with the Internet password lockout feature

Read how the Lotus Notes 8 Internet password lockout feature increases system security by allowing administrators to track and log HTTP access attempts.

With a growing number of security threats, Lotus Notes Domino administrators may want to track and log all access attempts to their HTTP environments. A new option in Lotus Notes Domino 8 -- the Internet password lockout feature -- gives administrators added security.

The Internet password lockout feature provides a mechanism, through the inetlockout.nsf database, to track all access attempts to the HTTP environment. An Internet lockout database can be created manually during server startup, after the process has been configured or during the first request to view a Lotus Notes document. It can also be created when generating a document within the Lotus Notes database.

Note: For the newly created database to work, the service must be running for 10 minutes unless you reboot the Lotus Domino server.

Administrators can enable the Internet password lockout feature for the entire environment through a configuration document. It can also be enabled using a security policy that locks out users from HTTP access on an individual basis. Both methods include the same options.<</p>

The configuration setting:

  • Enables the feature
  • Sets the logging feature to report lockouts and/or failures
  • Sets the maximum number of attempts allowed; lockout expiration times in minutes, hours and days; and the maximum interval between tries in minutes, hours and days.

Internet_Password_Lockout_Configuration_ Settings

The lockout feature only applies to HTTP access. A traditional anti-spoofing mechanism is leveraged within the Notes client; therefore, this feature doesn't support services such as LDAP, POP, IMAP, DIIOP, Lotus Quickplace and Lotus Sametime. Additionally, if your Lotus Notes Domino environment uses a customized DSAPI filter, the Internet password lockout feature may not function because these filters can be coded to bypass the standard Domino login facility.

Do you have comments on this tip? Let us know.

This tip was submitted to the tip library by member Jim Mck. Please let others know how useful it is via the rating scale below. Do you have a useful Lotus Notes, Domino, Workplace or WebSphere tip or code snippet to share? Submit it to our monthly tip contest and you could win a prize.

Dig Deeper on Lotus Notes Domino Password Management

  • Favorite iSeries cheat sheets

    Here you'll find a collection of valuable cheat sheets gathered from across the iSeries/ community. These cheat ...