Lotus Domino Administrator 8 Help - Controlling access to a passthru server or passthru destination

SECURITY

Controlling access to a passthru server or passthru destination
A passthru server allows users and servers to use a passthru connection to connect to another server. The server to which users connect is called a passthru destination. You can control which users and servers can access a passthru server and passthru destination.

For more information on passthru servers, see Connecting a server to a passthru server.

If your system uses multiple Domino Directories, IBM® Lotus® Domino™ searches only the first Domino Directory specified in the Names setting in the NOTES.INI file.

Internet and intranet clients cannot use passthru; therefore, these settings are valid only for IBM® Lotus® Notes® users and Domino servers.

1. From the Domino Administrator, click Configuration, and open the Server document.

2. Click the Security tab.

3. In the Passthru Use section, complete one or more of these fields, and then save the document:

Field Action

Access this server Enter any of these:

Names of specific servers, users, and groups.
An asterisk (*) followed by a certificate name -- for example, */Sales/East/Acme -- to allow all users certified by a particular certifier to access the server.
An asterisk (*) followed by a view name -- for example, *($Users) -- to allow access to all names that appear in a specific view in the Domino Directory. Access time is quicker if you specify a group name rather than a view name.
Any users or servers listed in this field can use a passthru server to access this server. This field does not take precedence over other access fields -- for example, the "Access server" and "Not access server" fields. For example, if the "Access server" field specifies that only users listed in the Domino Directory can access this server, users who are not in the local domain cannot access this server.
The default for this field is blank, which means that users and servers are prevented from using a passthru connection to access this server.
Separate multiple names with commas or semicolons.

Route through Enter any of these:

Names of specific servers, users, and groups.
An asterisk (*) followed by a certificate name -- for example, */Sales/East/Acme -- to allow all users certified by a particular certifier to access the server.
An asterisk (*) followed by a view name -- for example, *($Users) -- to allow access to all names that appear in a specific view in the Domino Directory. Access time is quicker if you specify a group name rather than a view name.
Any users or servers listed in this field can use the server as a passthru server, regardless of whether or not they are also included in the "Access server" or "Not access server" fields.
The default for this field is blank, which means that users and servers are prevented from using this server for passthru access.
Separate multiple names with commas or semicolons.

Cause calling Enter any of these:

Names of specific servers, users, and groups.
An asterisk (*) followed by a certificate name -- for example, */Sales/East/Acme -- to allow all users certified by a particular certifier to initiate calling.
An asterisk (*) followed by a view name -- for example, *($Users) -- to allow all names that appear in a specific view in the Domino Directory to allow calling. Access time is quicker if you specify a group name rather than a view name.
Any users or servers listed in this field can instruct this server to call -- that is, place a phone call to -- another server in order to establish a routing path to that server. If no names are entered, no calling is allowed. In general, if the Replicator on another server uses the modem on a server to reach its targets, the server name of the Replicator must be included in this list on the server with the modem. Otherwise, the replication will frequently fail.
The default for this field is blank, which means that users and servers are prevented from using this server to route a path to another server.
Separate multiple names with commas or semicolons.
This field corresponds to the Allow_Passthru_Callers setting in the NOTES.INI file. If a conflict exists, the "Cause calling" field takes precedence.

Destinations allowed Enter the names of destination servers to which this server may route clients.
The default for this field is blank, which means that all servers may be routed to.
This field corresponds to the Allow_Passthru_Targets setting in the NOTES.INI file. If a conflict exists, the "Destinations allowed" field takes precedence.

For more information about configuring NOTES.INI settings, see Editing the NOTES.INI file.

A current listing of NOTES.INI settings can be found on the IBM Lotus developerWorks Web site at http://www.ibm.com/developerworks/lotus/documentation/notes-ini/.

See also

Passthru servers and hunt groups

Customizing access to a Domino server

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary

Field	Action
Access this server	Enter any of these: Names of specific servers, users, and groups. An asterisk () followed by a certificate name -- for example, /Sales/East/Acme -- to allow all users certified by a particular certifier to access the server. An asterisk () followed by a view name -- for example, ($Users) -- to allow access to all names that appear in a specific view in the Domino Directory. Access time is quicker if you specify a group name rather than a view name. Any users or servers listed in this field can use a passthru server to access this server. This field does not take precedence over other access fields -- for example, the "Access server" and "Not access server" fields. For example, if the "Access server" field specifies that only users listed in the Domino Directory can access this server, users who are not in the local domain cannot access this server. The default for this field is blank, which means that users and servers are prevented from using a passthru connection to access this server. Separate multiple names with commas or semicolons.
Route through	Enter any of these: Names of specific servers, users, and groups. An asterisk () followed by a certificate name -- for example, /Sales/East/Acme -- to allow all users certified by a particular certifier to access the server. An asterisk () followed by a view name -- for example, ($Users) -- to allow access to all names that appear in a specific view in the Domino Directory. Access time is quicker if you specify a group name rather than a view name. Any users or servers listed in this field can use the server as a passthru server, regardless of whether or not they are also included in the "Access server" or "Not access server" fields. The default for this field is blank, which means that users and servers are prevented from using this server for passthru access. Separate multiple names with commas or semicolons.
Cause calling	Enter any of these: Names of specific servers, users, and groups. An asterisk () followed by a certificate name -- for example, /Sales/East/Acme -- to allow all users certified by a particular certifier to initiate calling. An asterisk () followed by a view name -- for example, ($Users) -- to allow all names that appear in a specific view in the Domino Directory to allow calling. Access time is quicker if you specify a group name rather than a view name. Any users or servers listed in this field can instruct this server to call -- that is, place a phone call to -- another server in order to establish a routing path to that server. If no names are entered, no calling is allowed. In general, if the Replicator on another server uses the modem on a server to reach its targets, the server name of the Replicator must be included in this list on the server with the modem. Otherwise, the replication will frequently fail. The default for this field is blank, which means that users and servers are prevented from using this server to route a path to another server. Separate multiple names with commas or semicolons. This field corresponds to the Allow_Passthru_Callers setting in the NOTES.INI file. If a conflict exists, the "Cause calling" field takes precedence.
Destinations allowed	Enter the names of destination servers to which this server may route clients. The default for this field is blank, which means that all servers may be routed to. This field corresponds to the Allow_Passthru_Targets setting in the NOTES.INI file. If a conflict exists, the "Destinations allowed" field takes precedence.