SECURITY


Validation and authentication for Internet/intranet clients
After you set up name-and-password access and create Person documents for Internet/intranet users, IBM® Lotus® Domino™ authenticates users when:
For example, when a user tries to open a database that has an ACL with No Access as the -Default-, Domino challenges the user for a valid user name and password. Authentication succeeds only if the user provides a name and password that matches the name and password stored in the user’s Person document (or in an LDAP directory - some users are authenticated against an LDAP directory rather than a Person record) and if the database ACL gives access to that user. Anonymous users are not authenticated.

You can use name-and-password and anonymous access with TCP/IP and SSL. Name-and-password and anonymous access with TCP/IP are described below.

This section also applies to Web clients who are accessing a Domino Web server for which session authentication has been enabled.

Note The Domino Web Server Application Programming Interface (DSAPI) is a C API that you use to write extensions to the Domino Web server. Using these extensions, or filters, you can customize the authentication of Web users. For more information on DSAPI, see the Lotus C API Toolkit for Domino and Notes. The toolkit is available at www.lotus.com/techzone.

How validation and authentication works

This example describes how a client (Andrew) uses TCP/IP to connect to a server (Mail-E).

1. Andrew tries to access a database on Mail-E.

2. The server checks the Internet Site document (or Server document) to determine if anonymous access is enabled for TCP/IP. If it is, then:

3. If anonymous access is disabled for the protocol or if the database ACL does not allow anonymous access, then the server checks the Internet Site (or Server document) to determine if name-and-password access is enabled for TCP/IP. If name-and-password access is enabled, then: See also