Domino

Aaron Burden: Fountain pen and a notebook

Last week I had an issue that some Domino Server didn’t provide SSO through SPNEGO any longer (environment worked for over 2 years now). This environment uses the customized domcfg.nsf template of Andreas Artner , maybe it’s related, but I don’t think so, on Windows 7 with latest Internet Explorer 11 and Domino Servers 9.0.1 with latest fix pack.

Created:
Last Update:
Read in about 2 min
Aaron Burden: Fountain pen and a notebook

Since years i think that the Internet Lockout Feature of IBM Domino is not enough. The function is documented here: IBM Domino Administrator Help

Cite of this document:

There are some usage restrictions for Internet password lockout: You can only use Internet password lockout with Web access. Other Internet protocols and services, such as LDAP, POP, IMAP, DIIOP, IBM® Lotus® Quickr®, and IBM Sametime® are not currently supported. However, Internet password lockout can be used for Web access if the password that is used for authentication is stored on an LDAP server

So documentation tells us, that only HTTP can be secured through inetlockout.nsf and over years the documentation was right. So protocols like LDAP, SMTP or POP3 are prone to dictionary attacks.

Created:
Last Update:
Read in about 3 min
Aaron Burden: Fountain pen and a notebook

You can use policy setting document “Mail settings” to deploy a standard message disclaimer for your users.

First you have to configure your domino server which makes the smtp conversion of internet mails. For this server open the “configuration document” and check if “Message disclaimers” is enabled.

2011 02 28 12281

Now we need a policy for all traveler users, or if you want to deploy personalized signatures, for each traveler user.

I created a dynamic policy (explicit policy document and set of group/user in “policy assignment”) for my traveler user and made a mail setting document for the disclaimer:

Created:
Last Update:
Read in about 1 min