Best practices for us is not to put ID's in the Domino directory as it is a security risk. If someone can detach the IDs, they can hack them. Passware produced a tool that uses C API calls to brute force hack a Lotus Notes ID file. Since they are attacking the ID file directly, the Lotus timeout feature is not a factor. User gets a privileged ID and hacks it = bye bye to your domain. Regards, Eric Waters CSC DCosgrove@entnet. org Sent by: To domino400-bounces Lotus Domino on the iSeries / AS400 +ewaters2=csc.com <domino400@xxxxxxxxxxxx> @midrange.com cc Subject 03/28/2005 03:31 Domino ID Files Best Practices PM Please respond to Lotus Domino on the iSeries / AS400 <domino400@midran ge.com> Hi All We are setting up a new Domino Email only server. Where is the best place to put ID files. Should they be on the directory only, file only or both. We do have users access their email using iNotes over the web as well as using the Lotus client on their office PC's. We are on Domino 6.5.3 and OS/400 V5R3 TIA Doug Cosgrove Sr Programmer/Analyst AAO-HNSF 703-519-1548 Direct Dial 703-683-5100 Fax E-mail: dcosgrove@xxxxxxxxxx Website: http://www.entnet.org _______________________________________________ This is the Lotus Domino on the iSeries / AS400 (Domino400) mailing list To post a message email: Domino400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/domino400 or email: Domino400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/domino400.
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.