Setting up password verification

You can enable password verification through the use of a security policy settings document, which allows you to enable this feature for multiple users, or you can enable password verification on an individual basis through the Domino® Directory.

Before you begin

Make sure that:
  • The Administration Process is set up on the server.
  • You have at least Editor access and the UserModifier role in the Domino® Directory.
  • Password verification is enabled on the servers with which these users authenticate.

About this task

You can also choose to lock out a user's ID, which prevents the user from logging into the server. You can lock out user IDs through a policy, or individually through the Person document.

It is a good practice to select one method of password verification or ID lockout. You cannot use both a policy and the appropriate setting in the Person document. Policy settings will always supersede any settings in Person documents.

CAUTION: Do not enable password expiration for users whose ID files are locked with Smartcards. Otherwise, it is possible that a user's ID could be locked out until password expiration can be cleared. You should also be sure that the required change interval and allowed grace period is set at zero.

To enable password verification for individual users

Procedure

  1. From the Domino® Administrator, click People & Groups.
  2. Select each Person document for which you want to enable password checking.
  3. Choose Actions > Set Password Fields, and then click Yes to continue.
  4. In the Check Notes Password field, select Check password.
  5. Complete these fields, and then click OK:
    • Required change interval - Enter the length of time, in days, that a password can be in effect before it must be changed. Default is zero.
    • Allowed grace period - Enter the length of time, in days, that users have to change an expired password before being locked out. Default is zero, meaning that users are not locked out.
  6. Optional: You can also choose to force individual users to change their Internet passwords the next time they log in. In the Force users to change Internet password on next login dialog box, click Yes.

To disable password verification for an individual user

About this task

When you disable password verification for a user, Domino® does not check passwords for the user even if password verification is enabled for the server.

Procedure

  1. From the Domino® Administrator, click People & Groups using a network connection to the Domino® Directory.
  2. Select each Person document for which you want to enable password checking.
  3. Choose Actions > Set Password Fields, and then click Yes to continue.
  4. In the Set Passwords Fields dialog box, select Don't check password, and then click OK.

To lock out an individual user's ID

Procedure

  1. From the Domino® Administrator, click People & Groups using a network connection to the Domino® Directory.
  2. Select the Person document of the user whose ID will be locked out.
  3. Choose Actions > Set Password Fields, and then click Yes to continue.
  4. In the Set Passwords Fields dialog box, select Lockout ID, and then click OK.

To enable password verification on servers

About this task

To use password verification for Notes® users, you must enable password verification for both users and servers. Do the following to enable password verification on each server with which these users authenticate:

Procedure

  1. From the Domino® Administrator, click Configuration.
  2. Open the Server document of the server for which you want to enable password verification.
  3. Click Security, and then in the Check passwords on Notes IDs field, select Enabled.
  4. Repeat for each server on which you want to enable password verification.

To disable password verification for a server

About this task

When you disable password verification for a server, Domino® does not check passwords for any users who access the server, even if the user has password verification enabled.

Procedure

  1. From the Domino® Administrator, click Configuration.
  2. Open the server document of the server for which you want to disable password verification.
  3. Click Security, and then in the Check passwords on Notes IDs field, select Disnabled.
  4. Repeat for each server on which you want to disable password verification.