Lotus Domino Administrator 8 Help - Using Policies with Domino Web Access

MAIL

Using Policies with Domino Web Access
Domino administrators can use policies to enforce security settings for IBM® Lotus® Domino™ Web Access users. In addition, any existing policies that were assigned to Domino Web Access users prior to this release will be enforced. Use the steps below to create a Security policy settings document. Then, specify the settings document you created in a Policy document. You use Policy documents to assign Policy settings to users. For a full explanation about using policies, and the relationship between Policy documents and policy settings documents, see the "User and Server Configuration - Policies" section of this help.

Create a Security policy settings document for Domino Web Access users

Although there are other security policy settings that can be created for IBM® Lotus® Notes® users, the settings here are applicable to Domino Web Access security, and the explanations in the table below describe how these settings affect Domino Web Access users.

1. Make sure that you have Editor access to the IBM® Lotus® Domino™ Directory and one of these roles:

PolicyCreator role to create a settings document
PolicyModifier role to modify a settings document

2. From the Domino Administrator, select the People & Groups tab, and then open the Settings view.

3. Click "Add Settings," and then choose "Security."

4. On the tabs listed in the table below, complete these fields:

Password Management Basics tab Action

Allow users to change Internet password over HTTP This setting determines whether the Domino Web Access user preference "Change Internet Password" displays:

Yes (default) - allows users to use a Web browser to change their Internet passwords. Domino Web Access users use the "Change Internet Password" preference to do so.
No - the user preference "Change Internet Password" will not display.

Update Internet Password When Notes Client Password Changes For Domino Web Access users, this setting determines whether there will be one user preference "Change Password," instead of two preferences, "Change Notes ID" and "Change Internet Password." If there is only one preference, then the Notes ID password in their mail file is updated when the Internet password is changed.
Choose one:

No (default) -- User preferences include both "Change Notes ID" and "Change Internet Password" user preferences, and the user must change both.
Yes -- Synchronizes the user Internet password with the Notes client password. User preferences include only the "Change Password" preference, which is used to change both passwords.

Enforce password expiration If you enable password expiration for any of the options, the security settings document defaults change. Choose one:

Disabled (default) - disables password expiration. If you disable password expiration, do not complete the remaining fields in this section.
Notes only - enables password expiration for Notes passwords only. For Domino Web Access users, this enables expiration for the Notes ID stored in the user's mail file.
Internet only - enables password expiration for Internet passwords only.
Notes and Internet -- enables password expiration for both Notes and Internet passwords. For Domino Web Access users, it enables expiration for both the Notes ID stored in the user's mail file and for the Internet password.
Note Internet password expiration settings are recognized only by the HTTP protocol. This means that Internet passwords can be used with other Internet protocols (such as LDAP or POP3) indefinitely.
Caution Do not enable password expiration if users use Smartcards to log in to Domino servers.

Required password quality If you require users to create passwords based on password quality, specify that quality by choosing a value from the drop-down list. To use length instead of password quality, continue to the next field.
For Domino Web Access users, password quality settings are enforced when the Notes ID is stored in the user's mail file and the password is changed via Domino Web Access user preferences.

Use length instead If you require users to create passwords based on length, click Yes. When you do, the "Required Password Quality" field changes to "Required password length." Specify the minimum password length here.
For Domino Web Access users, password quality settings are enforced when the Notes ID is stored in the user's mail file and the password is changed via Domino Web Access user preferences.

Custom Password Policy tab Action

Change Password on First Notes Client Use Require users to change their passwords the first time they log in using Notes. For Domino Web Access, users must change the embedded Notes ID password before using it the first time.
Note This works only if the policy is applied during user registration.

Keys and Certificates tab Action

Warning period Specify the number of days prior to certificate expiration at which the user receives an expiration warning message.

See also

Creating policies

Organizational and explicit policies

Policies

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary

Password Management Basics tab	Action
Allow users to change Internet password over HTTP	This setting determines whether the Domino Web Access user preference "Change Internet Password" displays: Yes (default) - allows users to use a Web browser to change their Internet passwords. Domino Web Access users use the "Change Internet Password" preference to do so. No - the user preference "Change Internet Password" will not display.
Update Internet Password When Notes Client Password Changes	For Domino Web Access users, this setting determines whether there will be one user preference "Change Password," instead of two preferences, "Change Notes ID" and "Change Internet Password." If there is only one preference, then the Notes ID password in their mail file is updated when the Internet password is changed. Choose one: No (default) -- User preferences include both "Change Notes ID" and "Change Internet Password" user preferences, and the user must change both. Yes -- Synchronizes the user Internet password with the Notes client password. User preferences include only the "Change Password" preference, which is used to change both passwords.
Enforce password expiration	If you enable password expiration for any of the options, the security settings document defaults change. Choose one: Disabled (default) - disables password expiration. If you disable password expiration, do not complete the remaining fields in this section. Notes only - enables password expiration for Notes passwords only. For Domino Web Access users, this enables expiration for the Notes ID stored in the user's mail file. Internet only - enables password expiration for Internet passwords only. Notes and Internet -- enables password expiration for both Notes and Internet passwords. For Domino Web Access users, it enables expiration for both the Notes ID stored in the user's mail file and for the Internet password. Note Internet password expiration settings are recognized only by the HTTP protocol. This means that Internet passwords can be used with other Internet protocols (such as LDAP or POP3) indefinitely. Caution Do not enable password expiration if users use Smartcards to log in to Domino servers.
Required password quality	If you require users to create passwords based on password quality, specify that quality by choosing a value from the drop-down list. To use length instead of password quality, continue to the next field. For Domino Web Access users, password quality settings are enforced when the Notes ID is stored in the user's mail file and the password is changed via Domino Web Access user preferences.
Use length instead	If you require users to create passwords based on length, click Yes. When you do, the "Required Password Quality" field changes to "Required password length." Specify the minimum password length here. For Domino Web Access users, password quality settings are enforced when the Notes ID is stored in the user's mail file and the password is changed via Domino Web Access user preferences.
Custom Password Policy tab	Action
Change Password on First Notes Client Use	Require users to change their passwords the first time they log in using Notes. For Domino Web Access, users must change the embedded Notes ID password before using it the first time. Note This works only if the policy is applied during user registration.
Keys and Certificates tab	Action
Warning period	Specify the number of days prior to certificate expiration at which the user receives an expiration warning message.