This extra level of key verification protects against misuse of a lost or compromised ID file. Typically, if an ID file is lost, its owner needs to be registered to create a new ID file and directory entry; and if the ID file has been compromised then the owner's public and private keys need to be rolled-over and that new set of keys need to be certified (thus updating the directory entry). By enabling directory-level key checking, an attacker in possession of the old ID file will not be able to use it to access the server, even though that old ID file may contain a valid certificate.

You can also choose to control whether a log message is generated if authentication succeeds but a mismatch is detected. This allows admistrators to detect when the ID file contents have gotten out of sync with directory entries, but to do so without preventing those users from authenticating because of public key mismatches.

For more information, see Public key security.

1. From the Domino Administrator, click the Configuration tab, and open the Server document.

2. Click the Security tab.

3. In the Security Settings section, click the drop-down list next to "Compare public keys" and choose one of the following options:

• Enforce key checking for all IBM® Lotus® Notes® users and Domino servers --to compare the key value in the certificates passed during authentication against the key value stored in in the Domino Directory. Any user or server not listed in a trusted directory will be treated as if it failed this verification check and will not be allowed to access this server.
• Enforce key checking for Notes users and Domino servers listed in trusted directories only -- to compare the key value in the certificates passed during authentication against the key value stored in in the directory only when the user or server is listed in a trusted directory. Any user or server not listed in a trusted directory will be treated as if it passed this verification check.
Note This option allows administrators to give users not listed in the directory access to databases and applications on the server. For example, a database may have its Access Control List configured to give editor access enabled for users listed in the Domino Directory, and reader access for everyone else. So if this key checking option is enabled, users not listed in the directory can still access the server to use the database, for which they will have reader access only.
• Do not enforce key checking -- if you want only the certificate signatures checked during authentication, but not verify the keys against the directory contents.

• Log key mismatches for all Notes users and Domino servers -- to log events that occur when the key value in the certficates passed during authentication does not match the key value stored in the Domino Directory.
• Log key mismatches for Notes users and Domino servers listed in trusted directories only -- to log events that occur when the key value in the certficate passed during authentication does not match the key value stored in the directory only when the user or server is listed in a trusted directory.
• Do not log key mismatches -- to log only authentication failures.

Glossary