SECURITY


Setting up session-based name-and-password authentication
To set up single-server session-based name-and-password authentication for Web clients, you must complete three procedures:
To enable single-server session-based authentication for Web Site documents

1. From the Domino Administrator, click Configuration - Web - Internet Sites.

2. In the Internet Sites view, select the Web Site document for which you want to enable session authentication.

3. In the Web Site document, click Domino Web Engine.

4. In the HTTP Sessions section, complete these fields:
FieldAction
Session authenticationSelect single server. This is disabled by default.
Idle session timeoutEnter a default time period to log an inactive Web client off the server. Default is 30 minutes.
Maximum active sessionsEnter the maximum number of user sessions allowed on the server at the same time. Default is 1000.
5. Click Security, and enable name-and-password authentication for the TCP and for SSL (if using SSL).

6. Save the document.

To edit the Server document for single-server session-based name-and-password authentication

1. From the Domino Administrator, click Configuration, and open the Server document.

2. Click Internet Protocols - Domino Web Engine.

3. Complete these fields:
FieldAction
Session authenticationSelect single server. This is disabled by default.
Idle session timeoutA default time period to log an inactive Web client off the server. Default is 30 minutes.
Maximum active sessionsThe maximum number of user sessions allowed on the server at the same time. Default is 1000.
4. Click Ports - Internet Ports - Web, and enable name-and-password authentication for the TCP/IP port and for the SSL port (if using SSL).

5. Save and close the Server document.

To create Person documents for Web users

1. In the Domino Directory, create a Person document for each Web user who needs to access the server. (You can also edit the Person document of an existing user.)

2. In each Person document, complete these fields, and then save the document:
FieldAction
First name, Middle initial, Last nameEnter the user’s first name, middle initial, and last name. The user's last name is required.
User name(Required) Enter the user’s full name. This is the name the user enters when trying to access a server.

This field can contain multiple names. As Domino uses the first name in this field to validate a user in database ACLs, design access lists, groups, and File Protection documents, the first name in this field should be the user's Domino distinguished name (DN). The second name should be the common name (CN) portion of the DN.

For example, this field can contain these names:

  • Alan Jones/Sales/Acme
  • Alan Jones
  • Al Jones
  • AJ
When prompted for his name and password, the user can enter "Al Jones" as his name. However, Domino uses "Alan Jones/Sales/Acme" to validate him in database ACLs and design access lists. Therefore, the name “Alan Jones” must be the one that appears in ACLs and design access lists.

Note You should always use the user's hierarchical name -- for example, Alan Jones/Acme/US -- to help eliminate ambiguous or duplicate user names.

Internet password(Required) Specify the user’s Internet password.

To edit database ACLs

After you edit the Server document and create Person documents, edit the database ACL of each database to which you want to give users access.

For more information on setting up a database ACL, see the topic Configuring a database ACL.

See also