Specifications

Lotus Redbooks Wiki – IBM Lotus Notes and Domino V8.5 Deployment Guide
desktop policy settings document.
Administration policies for Lotus iNotes
Domino administrators can use administrative policies to set or enforce mail, desktop, and
security settings for Lotus iNotes users. When a policy is applied to a user, the mail settings it
contains lock down the corresponding user preferences in Lotus iNotes. (Note that any policies
previously assigned to Lotus iNotes users continue to be enforced.)
New Security Features
The following sections describe new security features available in Notes and Domino Version 8.5.
Notes Shared Login
IBM Lotus constantly works at reducing the Total Cost of Ownership (TCO), and security is no
exception. One key security feature contributing to this objective is Notes Shared Login, which
meets the following goals:
Reduction of the number of passwords the users need to remember
Elimination of the Notes password prompt ("single sign-on")
Elimination of the need for Lotus Notes ID password management
NOTE: As of now, for Notes 8.5, the only operating system supported for Notes Shared Login is
Microsoft Windows. Support for Linux and Mac is currently under consideration for a future release.
Notes Shared Login relies on the operating system's login credentials. These credentials are
used to unlock the Notes ID file, so once the user logs in to Windows, no Notes password is
required to start the Notes client, and there is no password to synchronize. In the background, the
Notes ID still authenticates to a Domino server using certificate-based client/server
authentication, exactly as before. Password management tasks are now controlled by Windows
policies. For users of Notes Shared Login, any Notes password policies in place are simply
ignored, and the User Security dialog box does not display fields relating to Notes passwords. The
only settings considered are those on the "Password Management - Notes Shared Login" tab.
To protect an ID file that is enabled for Notes Shared Login, the Windows Data Protection API
(DPAPI) is used. When an ID file is configured for Notes Shared Login, a complex "secret" is
generated to protect it. That secret is then encrypted with DPAPI, using additional
application-specific entropy, and the encrypted secret is saved in the Windows user's profile
directory. The Notes ID file itself is encrypted with a bulk key derived from the secret, and then saved.
NOTE: It is recommended to use an ID backup system to back up Notes Shared Login-enabled ID
files for recovery. The Lotus Notes ID Vault is recommended because it supports Notes Shared
Login-enabled ID files and is a supported configuration.
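The following PowerShell script is an added example, not code from the IBM deployment guide or from the Notes client; it models the protection layers described above against the real Windows DPAPI (the .NET ProtectedData class). The file names, the entropy string, the key derivation function (PBKDF2) and the cipher (AES-256-CBC) are assumptions made for the example: the guide says only that a secret is generated, DPAPI-protected with application-specific entropy, stored in the user's profile, and used to derive a bulk key for the ID file.

```powershell
# Added example (not IBM's code): models the Notes Shared Login protection scheme.
Add-Type -AssemblyName System.Security   # ProtectedData on Windows PowerShell 5.1

$profileDir = $env:USERPROFILE
$secretPath = Join-Path $profileDir 'example-nsl-secret.bin'   # hypothetical file name
$idPath     = Join-Path $profileDir 'example-user.id'          # hypothetical file name
# Application-specific entropy: a second DPAPI input, so a blob protected by this
# application cannot be unprotected by another program running as the same user
# that does not supply the same entropy value. The real value is an assumption.
$entropy = [System.Text.Encoding]::UTF8.GetBytes('example-application-entropy')

function Get-ExampleBulkKey {
    param([byte[]] $Secret)
    # Stand-in KDF: PBKDF2 with a fixed salt. The guide only says the bulk key is
    # "derived from the secret"; it does not name the KDF Notes uses.
    $salt = [System.Text.Encoding]::UTF8.GetBytes('example-bulk-key-salt')
    $kdf  = New-Object System.Security.Cryptography.Rfc2898DeriveBytes($Secret, $salt, 100000)
    return $kdf.GetBytes(32)
}

function Protect-ExampleId {
    param([byte[]] $IdBytes)

    # 1. Generate a complex random secret that will protect the ID file.
    $secret = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($secret)

    # 2. Encrypt the secret with DPAPI (CurrentUser scope plus extra entropy) and
    #    store the blob in the user's profile directory. CurrentUser scope binds
    #    the blob to this Windows account's logon credentials.
    $blob = [System.Security.Cryptography.ProtectedData]::Protect(
        $secret, $entropy, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
    [System.IO.File]::WriteAllBytes($secretPath, $blob)

    # 3. Derive the bulk key from the secret and encrypt the ID file with it.
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = Get-ExampleBulkKey $secret
    $aes.GenerateIV()
    $ct = $aes.CreateEncryptor().TransformFinalBlock($IdBytes, 0, $IdBytes.Length)
    [System.IO.File]::WriteAllBytes($idPath, [byte[]]($aes.IV + $ct))   # IV prefixed to ciphertext
    [Array]::Clear($secret, 0, $secret.Length)   # the secret now lives only inside the DPAPI blob
}

function Unprotect-ExampleId {
    # Unlock path at client start: no Notes password is requested. DPAPI Unprotect
    # succeeds only for the Windows user whose credentials protected the blob.
    $blob   = [System.IO.File]::ReadAllBytes($secretPath)
    $secret = [System.Security.Cryptography.ProtectedData]::Unprotect(
        $blob, $entropy, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
    $data = [System.IO.File]::ReadAllBytes($idPath)
    $aes  = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = Get-ExampleBulkKey $secret
    $aes.IV  = [byte[]]$data[0..15]
    return $aes.CreateDecryptor().TransformFinalBlock($data, 16, $data.Length - 16)
}

# Constructed stand-in for the contents of a user's ID file.
$idPlain = [System.Text.Encoding]::UTF8.GetBytes('constructed stand-in for user.id contents')
Protect-ExampleId -IdBytes $idPlain
$roundTrip = Unprotect-ExampleId
if ([System.Text.Encoding]::UTF8.GetString($roundTrip) -ne
    [System.Text.Encoding]::UTF8.GetString($idPlain)) {
    throw 'round trip failed'
}
'ID file protected with a DPAPI-wrapped secret and unlocked without a Notes password.'
```

Running the script in the user's own Windows session writes the two example files into the profile directory and verifies that the ID contents round-trip. The point for an administrator is the trust boundary this creates: the only thing standing between the ID file and its bulk key is a DPAPI blob bound to the Windows account's logon credentials and stored in the profile, which is why the guide shifts password management to Windows policies and why it recommends an ID backup system such as the ID Vault, since a lost or rebuilt profile takes the protected secret, and with it the ability to unlock the ID file, with it.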
Notes ID Vault