Preparing IDs for recovery

After you specify recovery information in the certifier ID, when you register users, the user IDs automatically contain recovery information. However, if you specified recovery information after generating user IDs, users must update their user IDs with recovery information supplied by the administrator. Updating IDs with recovery information automatically sends an encrypted backup of the user ID to the centralized mail or mail-in database.

Before you begin

For recovery to work, the administrator ID and the user ID must have key sizes of 1024 or less.

About this task

There are two ways that users can update their user IDs with recovery information:

  • (Only for Domino® 6 servers and later) Users authenticate to their home server after an administrator has added recovery information to the certifier. The recovery information is automatically added to their Notes® ID.
  • The administrator sends recovery information to users to incorporate into their user IDs. You must complete these steps before a user loses or damages an ID or forgets a password.

Users can determine whether recovery information is present in their user ID by seeing whether the Mail Recovery ID button on the User Security dialog box is active. They can then click the button to send an encrypted backup of the user ID to the centralized mail or mail-in database.

Sending recovery information to the user

Procedure

  1. From the Domino Administrator, click the Configuration tab, and then click Certification.
  2. Click Edit Recovery Information.
  3. In the Choose a Certifier dialog box, if the correct server name does not appear, click Server and select the registration server name from the Domino Directory.
  4. Choose the certifier for which you are creating recovery information.
    • If you are using a server-based certification authority, click Use the CA process and select a certifier from the drop-down list.
    • If you are not using a server-based certification authority, click Supply certifier ID and password. If the certifier ID path and file name do not appear, click Certifier ID and select the certifier ID file and enter the password.
  5. Choose Export, and then enter the certifier ID's password.
  6. Complete these fields, and then click Send:
    Table 1. ID recovery email fields

    | Field | Enter |
    |-------|-------|
    | To | Names of users and groups whose ID files you want to back up. |
    | CC | Names of users and groups to whom you want to send a copy of the message. |
    | Subject | Information for users and groups that will appear in the Subject field of the message. If this field is blank, Notes uses the following text: New ID file recovery information is attached. Please add it to your ID file by using the Actions menu "Accept Recovery Information" option. |
    | Memo | Information for users and groups that will appear in the Body field of the message. Domino automatically attaches the encrypted backup file information to the message -- you do not need to specify it in this field. |

Accepting recovery information in the ID file

About this task

The user completes these steps.

Procedure

  1. After the administrator sends the recovery information, open the message in your mail database.
  2. Choose Actions > Accept Recovery Information, and then enter your password.
  3. Complete these fields, and then click Send.
    Table 2. ID recovery acceptance message fields

    | Field | Enter |
    |-------|-------|
    | To | Name of the mail or mail-in database that will store the backup copy of your ID. Domino enters the name of the database specified by your administrator. |
    | CC | Names of users and groups to whom you want to send a copy of the message. |
    | Subject | Information for administrators that will appear in the Subject field of the message. If this field is blank, Notes uses one of the following messages: "Backup of newly changed recovery information for user name" or "Backup of recent changes to ID file for user name". |
    | Memo | Information for administrators that will appear in the Body field of the message. Domino automatically attaches the backup of the ID file to the message; you do not need to specify it in this field. |

Results

Domino automatically sends the encrypted backup ID file to the centralized mail or mail-in database specified by the administrator.

Note: You can store multiple copies of the ID file in the centralized mail or mail-in database. Domino creates a new document every time an ID file is backed up. When attempting to recover an ID file, use the most recent backup. If this fails, use the older versions.

What to do next

If you want to replace the standard message that appears on the recovery email with a custom message, use the NOTES.INI setting ID_Recovery_Suppress_Recovery to suppress the creation of the recovery memo.