Lotus Domino Administrator 8.5 Help - Creating security policy settings for Lotus iNotes users

MAIL

Creating security policy settings for Lotus iNotes users
To create or enforce security settings for IBM® Lotus® iNotes™ users, you must create a Security Policy Settings document. Although there are other security policy settings that can be created for IBM Lotus Notes® users, the settings here are applicable to Lotus iNotes security, and the explanations in the table below describe how these settings affect Lotus iNotes users.

For a full explanation about using policies, and the relationship between Policy documents and policy settings documents, see the "User and Server Configuration - Policies" section of this help.

1. Make sure that you have Editor access to the Domino Directory and one of these roles:

PolicyCreator role to create a settings document
PolicyModifier role to modify a settings document

2. From the Domino Administrator, select the People & Groups tab, and then open the Settings view.

3. Click "Add Settings," and then choose "Security."

4. On the tabs listed in the table below, complete these fields:

Password Management Basics tab Description

Allow users to change Internet password over HTTP This setting determines whether the Lotus iNotes user preference "Change Internet Password" displays:

Yes (default) - allows users to use a Web browser to change their Internet passwords. Lotus iNotes users use the "Change Internet Password" preference to do so.
No - the user preference "Change Internet Password" will not display.

Update Internet Password When Notes Client Password Changes For Lotus iNotes users, this setting determines whether there will be one user preference "Change Password," instead of two preferences, "Change Notes ID" and "Change Internet Password." If there is only one preference, then the Notes ID password in their mail file is updated when the Internet password is changed.
Choose one:

No (default) -- User preferences include both "Change Notes ID" and "Change Internet Password" user preferences, and the user must change both.
Yes -- Synchronizes the user Internet password with the Notes client password. User preferences include only the "Change Password" preference, which is used to change both passwords.

Enforce password expiration If you enable password expiration for any of the options, the security settings document defaults change. Choose one:

Disabled (default) - disables password expiration. If you disable password expiration, do not complete the remaining fields in this section.
Notes only - enables password expiration for Notes passwords only. For Lotus iNotes users, this enables expiration for the Notes ID stored in the user's mail file.
Internet only - enables password expiration for Internet passwords only.
Notes and Internet -- enables password expiration for both Notes and Internet passwords. For Lotus iNotes users, it enables expiration for both the Notes ID stored in the user's mail file and for the Internet password.
Note Internet password expiration settings are recognized only by the HTTP protocol. This means that Internet passwords can be used with other Internet protocols (such as LDAP or POP3) indefinitely.
Caution Do not enable password expiration if users use Smartcards to log in to Domino servers.

Required password quality If you require users to create passwords based on password quality, specify that quality by choosing a value from the drop-down list. To use length instead of password quality, continue to the next field.
For Lotus iNotes users, password quality settings are enforced when the Notes ID is stored in the user's mail file and the password is changed via Lotus iNotes user preferences.

Use length instead If you require users to create passwords based on length, click Yes. When you do, the "Required Password Quality" field changes to "Required password length." Specify the minimum password length here.
For Lotus iNotes users, password quality settings are enforced when the Notes ID is stored in the user's mail file and the password is changed via Lotus iNotes user preferences.

Custom Password Policy tab

Change Password on First Notes Client Use Require users to change their passwords the first time they log in using Notes. For Lotus iNotes, users must change the embedded Notes ID password before using it the first time.
Note This works only if the policy is applied during user registration.

Keys and Certificates tab

Specify the number of days prior to certificate expiration at which the user Warning period receives an expiration warning message.

Related topics

Creating policies

Policies

Planning and assigning policies

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary

Password Management Basics tab	Description
Allow users to change Internet password over HTTP	This setting determines whether the Lotus iNotes user preference "Change Internet Password" displays: Yes (default) - allows users to use a Web browser to change their Internet passwords. Lotus iNotes users use the "Change Internet Password" preference to do so. No - the user preference "Change Internet Password" will not display.
Update Internet Password When Notes Client Password Changes	For Lotus iNotes users, this setting determines whether there will be one user preference "Change Password," instead of two preferences, "Change Notes ID" and "Change Internet Password." If there is only one preference, then the Notes ID password in their mail file is updated when the Internet password is changed. Choose one: No (default) -- User preferences include both "Change Notes ID" and "Change Internet Password" user preferences, and the user must change both. Yes -- Synchronizes the user Internet password with the Notes client password. User preferences include only the "Change Password" preference, which is used to change both passwords.
Enforce password expiration	If you enable password expiration for any of the options, the security settings document defaults change. Choose one: Disabled (default) - disables password expiration. If you disable password expiration, do not complete the remaining fields in this section. Notes only - enables password expiration for Notes passwords only. For Lotus iNotes users, this enables expiration for the Notes ID stored in the user's mail file. Internet only - enables password expiration for Internet passwords only. Notes and Internet -- enables password expiration for both Notes and Internet passwords. For Lotus iNotes users, it enables expiration for both the Notes ID stored in the user's mail file and for the Internet password. Note Internet password expiration settings are recognized only by the HTTP protocol. This means that Internet passwords can be used with other Internet protocols (such as LDAP or POP3) indefinitely. Caution Do not enable password expiration if users use Smartcards to log in to Domino servers.
Required password quality	If you require users to create passwords based on password quality, specify that quality by choosing a value from the drop-down list. To use length instead of password quality, continue to the next field. For Lotus iNotes users, password quality settings are enforced when the Notes ID is stored in the user's mail file and the password is changed via Lotus iNotes user preferences.
Use length instead	If you require users to create passwords based on length, click Yes. When you do, the "Required Password Quality" field changes to "Required password length." Specify the minimum password length here. For Lotus iNotes users, password quality settings are enforced when the Notes ID is stored in the user's mail file and the password is changed via Lotus iNotes user preferences.
Custom Password Policy tab
Change Password on First Notes Client Use	Require users to change their passwords the first time they log in using Notes. For Lotus iNotes, users must change the embedded Notes ID password before using it the first time. Note This works only if the policy is applied during user registration.
Keys and Certificates tab
	Specify the number of days prior to certificate expiration at which the user Warning period receives an expiration warning message.