Manage Learn to apply best practices and optimize your operations.

Secure Lotus Notes 8 with the Internet password lockout feature

Read how the Lotus Notes 8 Internet password lockout feature increases system security by allowing administrators to track and log HTTP access attempts.

With a growing number of security threats, Lotus Notes Domino administrators may want to track and log all access attempts to their HTTP environments. A new option in Lotus Notes Domino 8 -- the Internet password lockout feature -- gives administrators added security.

The Internet password lockout feature provides a mechanism, through the inetlockout.nsf database, to track all access attempts to the HTTP environment. An Internet lockout database can be created manually during server startup, after the process has been configured or during the first request to view a Lotus Notes document. It can also be created when generating a document within the Lotus Notes database.

Note: For the newly created database to work, the service must be running for 10 minutes unless you reboot the Lotus Domino server.

Administrators can enable the Internet password lockout feature for the entire environment through a configuration document. It can also be enabled using a security policy that locks out users from HTTP access on an individual basis. Both methods include the same options.<</p>

The configuration setting:

  • Enables the feature
  • Sets the logging feature to report lockouts and/or failures
  • Sets the maximum number of attempts allowed; lockout expiration times in minutes, hours and days; and the maximum interval between tries in minutes, hours and days.

Internet_Password_Lockout_Configuration_ Settings

The lockout feature only applies to HTTP access. A traditional anti-spoofing mechanism is leveraged within the Notes client; therefore, this feature doesn't support services such as LDAP, POP, IMAP, DIIOP, Lotus Quickplace and Lotus Sametime. Additionally, if your Lotus Notes Domino environment uses a customized DSAPI filter, the Internet password lockout feature may not function because these filters can be coded to bypass the standard Domino login facility.

Do you have comments on this tip? Let us know.

This tip was submitted to the tip library by member Jim Mck. Please let others know how useful it is via the rating scale below. Do you have a useful Lotus Notes, Domino, Workplace or WebSphere tip or code snippet to share? Submit it to our monthly tip contest and you could win a prize.

Dig Deeper on Lotus Notes Domino Password Management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.



  • iSeries tutorials's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...