SECURITY


Setting up ID recovery
Before users can recover their ID files, you must set up ID recovery. Perform these steps before anyone loses or corrupts an ID -- ideally before you begin registering users.

1. From the IBM® Lotus® Domino™ Administrator, click Configuration, and then click Certification.

2. Click Edit Recovery Information.

3. If the correct server name does not appear in the "Choose a Certifier" dialog box, click Server and select the registration server name from the Domino Directory.

4. Choose the certifier for which you are creating recovery information.

5. Click OK. The "Edit Master Recovery Authority List" dialog box appears.

6. Enter the number of recovery authorities that are required to recover an ID file. It is recommended that you choose at least three.

7. Select the length of the recovery password from the drop-down list. The default is 16 characters.

8. Click Add and select the names of the administrators who are the designated recovery authorities.

9. Choose whether you want to use an existing mailbox for recovery information or create a new one.

10. In the Custom Recovery Message field, type a customized message for the "Enter passwords" dialog box that appears during the ID recovery process. For example, you may want to specify help desk contact information. Message length is limited to 512 characters.

11. Click OK.

12. If you are using a server-based certification authority, at the server console type:


13. In the mail-in database ACL, set the -Default- access to No access and give administrators Reader access.

Note: If you have created additional O-level IBM® Lotus® Notes® certifiers, be sure to cross-certify them with the initial Lotus Notes certifier prior to setting up recovery information.
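
One way to verify the ACL settings from step 13 after setup is a small LotusScript agent that reads the ACL of the recovery mail-in database. This is an added example, not code from the product documentation; the server name and database file name are placeholders you must replace, and the agent is assumed to run under an ID that can open the database.

```lotusscript
' Added example: audit the recovery mail-in database ACL against step 13.
' In an agent, the constants belong in (Declarations) and the Sub in Initialize.
' Placeholders (assumptions): replace with your registration server and the
' file name of the mailbox chosen in step 9.
Const RECOVERY_SERVER = "SERVER_NAME_PLACEHOLDER"
Const RECOVERY_DB = "RECOVERY_DB_PLACEHOLDER.nsf"

Sub Initialize
	Dim db As New NotesDatabase(RECOVERY_SERVER, RECOVERY_DB)
	Dim acl As NotesACL
	Dim entry As NotesACLEntry
	Dim findings As Integer

	If Not db.IsOpen Then
		Print "Cannot open " & RECOVERY_DB & " on " & RECOVERY_SERVER
		Exit Sub
	End If
	Set acl = db.ACL

	' Step 13, first half: -Default- must be No access.
	Set entry = acl.GetEntry("-Default-")
	If entry Is Nothing Then
		Print "FINDING: no -Default- entry found"
		findings = findings + 1
	ElseIf entry.Level <> ACLLEVEL_NOACCESS Then
		Print "FINDING: -Default- has level " & CStr(entry.Level) & ", expected No access"
		findings = findings + 1
	End If

	' Step 13, second half: administrators should hold Reader access.
	' Every other level is listed so it can be reviewed by hand.
	Set entry = acl.GetFirstEntry
	While Not entry Is Nothing
		If entry.Name <> "-Default-" Then
			Select Case entry.Level
			Case ACLLEVEL_READER
				Print "OK: " & entry.Name & " has Reader access"
			Case ACLLEVEL_NOACCESS
				Print "INFO: " & entry.Name & " has No access"
			Case Else
				Print "REVIEW: " & entry.Name & " has level " & CStr(entry.Level) & " (not Reader)"
				findings = findings + 1
			End Select
		End If
		Set entry = acl.GetNextEntry(entry)
	Wend
	Print CStr(findings) & " ACL item(s) to review in " & RECOVERY_DB
End Sub
```

Compare the names reported with Reader access against the recovery authorities you added in step 8.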
