SECURITY
If a user has multiple ID files, the user must change the password in each of them to match the new password. You cannot use password verification on ID files that contain multiple passwords.
Each time a user changes a password, the user must specify a unique password. Lotus Notes keeps a record of up to 50 passwords that have been previously used. If you enable password history checking (through the use of a security settings document), you can configure the number of new passwords that must be used before a given password can be reused.
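The following is an added model of the password history check described above; it is example code, not Lotus Notes' own implementation. It keeps the bounded record of 50 previous passwords the page mentions and enforces a configurable number of new passwords that must be used before one can be reused. The record stores only digests of the previous passwords (a plain SHA-256 here, an assumption made for the model, not the digest Notes actually uses).

```python
import hashlib
from collections import deque

MAX_HISTORY = 50  # the page states Notes records up to 50 previously used passwords


class PasswordHistory:
    """Model of password history checking for one user.

    reuse_after is the setting from the security settings document: how many
    new passwords must be used before a given password may be reused.
    """

    def __init__(self, reuse_after: int):
        if not 1 <= reuse_after <= MAX_HISTORY:
            raise ValueError(f"reuse_after must be between 1 and {MAX_HISTORY}")
        self.reuse_after = reuse_after
        # deque(maxlen=...) silently discards the oldest entry beyond 50,
        # so the record never grows past the bound the page describes.
        self._digests = deque(maxlen=MAX_HISTORY)

    @staticmethod
    def _digest(password: str) -> str:
        # Assumption: a plain hash stands in for whatever digest Notes stores;
        # the point is that the cleartext password is never kept.
        return hashlib.sha256(password.encode("utf-8")).hexdigest()

    def is_allowed(self, candidate: str) -> bool:
        """A candidate is rejected if it matches any of the last reuse_after
        passwords, which includes the password currently in use."""
        recent = list(self._digests)[-self.reuse_after:]
        return self._digest(candidate) not in recent

    def change(self, new_password: str) -> bool:
        """Apply a password change; returns False (and records nothing) if
        the new password is still within the reuse window."""
        if not self.is_allowed(new_password):
            return False
        self._digests.append(self._digest(new_password))
        return True

    def recorded(self) -> int:
        """Number of previous passwords currently on record (at most 50)."""
        return len(self._digests)


if __name__ == "__main__":
    history = PasswordHistory(reuse_after=3)
    for pw in ("alpha", "alpha", "bravo", "charlie", "alpha", "delta", "alpha"):
        print(pw, history.change(pw))   # alpha is accepted again only after bravo, charlie, delta
```

The distinction the model makes explicit: the 50-entry record is a fixed upper bound on what is remembered, while the reuse count set in the security settings document is the window that is actually checked, and it cannot exceed that bound.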
An expired password doesn't prevent a user from reading encrypted mail or creating new signed documents on local replicas; however, without specifying a new password, users cannot access databases on servers.
Note that password verification during authentication will not work for Internet users because they do not have Lotus Notes user IDs (unless their Lotus Notes and Internet passwords have been synchronized). If Lotus Notes and Internet passwords are synchronized, then any changes to Lotus Notes password settings may affect Internet passwords.
For more information on Lotus Notes and Internet password synchronization, see Creating a security policy settings document.
Caution: Do not enable password expiration for users whose ID files are locked with Smartcards. Otherwise, it is possible that a user's ID could be locked out until the password digest can be cleared.
The Administration Process and password verification
Password verification requires the Administration Process to update documents in the Domino Directory. When you enable password verification for a user, the Administration Process creates a "Set Password Information" request in the Administration Requests database. Domino carries out this request according to the setting in the Interval field in the Administration Process section of the Server document. This request enables password-checking by entering values in the Check password, Required change interval, and Grace period fields in the Administration section of the user's Person document.
The first time the user logs onto a server that requires password verification, the Administration Process generates a "Change User Password in Domino Directory" request in the Administration Requests database. This request enters a corresponding hash of an RSA public key, which is derived from the hash of the Lotus Notes password and some other secret information stored in the ID file, in the Password digest field in the Administration section of the Person document. It also records the date the user provided the password in the Last change date field in the Administration section of the Person document. To authenticate with servers that are enabled for password verification, the user must provide the password that corresponds to the digest.
From then on, when a user changes a password, the Administration Process generates a new "Change User Password in Domino Directory" request in the Administration Requests database. This request updates the Password digest and Last change date fields in the Person document. Note that if you modify the change interval or grace period after you enable password verification, the Administration Process must update the fields in the Person document and then the user must change the password for the change to take effect.
For more information, see the topic The Administration Process.
Required change intervals and grace periods
You can set up a server to verify users' passwords during authentication without requiring them to change their passwords. If you require password changes, you can specify a grace period that indicates the length of time after the change interval expires before users are locked out of the server. If a required change interval expires before the user changes the password, the user can't authenticate with servers that require password verification until the user creates a new password. If a grace period expires and the user still hasn't changed the password, the user can't authenticate until the administrator manually deletes the data in the Password digest field in the Person document and the user creates a new password. If an unauthorized user changes the password on an ID before the authorized owner of the ID does, the authorized owner can't authenticate and sees this message:
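The three outcomes described above (authenticates normally, must create a new password, locked out until an administrator clears the Password digest field) are easy to misread, so here is an added example that models them; it is illustrative code, not Domino's own logic. It uses the Person document field names from this page as dictionary keys, a constructed sample date, and a plain SHA-256 in place of the real digest (which the page says is derived from an RSA key, the password hash and ID-file secrets). The treatment of a change interval of 0 as "verify only", of a grace period of 0 as "no lockout deadline", and of the deadline day itself as already expired are assumptions of the model, not statements from the page.

```python
from datetime import date, timedelta
from enum import Enum
import hashlib


class Status(Enum):
    OK = "ok"                            # may authenticate with servers that verify passwords
    CHANGE_REQUIRED = "change_required"  # change interval expired; the user recovers by creating a new password
    LOCKED_OUT = "locked_out"            # grace period also expired; an administrator must clear the digest


def digest_of(password: str) -> str:
    """Stand-in for the Password digest value (assumption: a plain hash)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def new_person_document(change_interval_days: int, grace_period_days: int) -> dict:
    """Constructed sample of the Administration-section fields named on the page."""
    return {
        "Check password": True,
        "Required change interval": change_interval_days,  # assumption: 0 = verify only, no change required
        "Grace period": grace_period_days,
        "Password digest": "",                              # empty until the first verified logon
        "Last change date": None,
    }


def verification_status(person: dict, today: date) -> Status:
    interval = person["Required change interval"]
    grace = person["Grace period"]
    last = person["Last change date"]
    if interval == 0 or last is None:
        return Status.OK
    deadline = last + timedelta(days=interval)
    if today < deadline:                  # assumption: the deadline day itself counts as expired
        return Status.OK
    # Assumption: a grace period of 0 means no lockout deadline, only a required change.
    if grace == 0 or today < deadline + timedelta(days=grace):
        return Status.CHANGE_REQUIRED
    return Status.LOCKED_OUT


def authenticate(person: dict, id_password: str, today: date) -> bool:
    """id_password is the password that unlocked the user's ID file, so a
    digest mismatch means the ID's password was changed, not mistyped."""
    if not person["Check password"]:
        return True
    if not person["Password digest"]:
        # First verified logon, or the digest was cleared by an administrator:
        # the "Change User Password in Domino Directory" request records digest and date.
        person["Password digest"] = digest_of(id_password)
        person["Last change date"] = today
        return True
    status = verification_status(person, today)
    if digest_of(id_password) == person["Password digest"]:
        return status is Status.OK        # unchanged password: allowed only before the interval expires
    if status is Status.LOCKED_OUT:
        return False                      # a new password alone no longer helps once the grace period has passed
    person["Password digest"] = digest_of(id_password)   # password changed in time: update digest and date
    person["Last change date"] = today
    return True


def admin_clear_password_digest(person: dict) -> None:
    """The manual administrator step that ends a lockout."""
    person["Password digest"] = ""


DAY0 = date(2024, 1, 1)   # constructed reference date for the walkthrough


def days_after(start: date, n: int) -> date:
    return start + timedelta(days=n)


if __name__ == "__main__":
    p = new_person_document(change_interval_days=90, grace_period_days=14)
    print(authenticate(p, "pw1", DAY0))                    # True: digest recorded on first logon
    print(authenticate(p, "pw1", days_after(DAY0, 90)))    # False: change required
    print(authenticate(p, "pw2", days_after(DAY0, 95)))    # True: new password accepted within the grace period
    print(verification_status(p, days_after(DAY0, 199)))   # Status.LOCKED_OUT
```

The walkthrough in the block mirrors the page's sequence: the digest is written on the first verified logon, an expired interval blocks the old password but accepts a new one during the grace period, and once the grace period has passed even a new password is refused until the administrator clears the Password digest field.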
Caution: For users whose ID files are locked with Smartcards, set the required change interval and grace period to 0. Otherwise, it is possible that a user's ID could be locked out.
See also