× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. DOMINO400
  3. April 2008

Re: Password Recovery mail-in database

Recovery information is not changed when users change their passwords nor
when they are recertified. From admin help: "When users acquire a new
public key, accept a name change, or accept or create a document
encryption key, Domino automatically sends updated encrypted backup ID
files to the centralized database. In the case of a server-based
certificate authority , the recovery database will be updated once the
user has connected to the server. Recertifying a user does not generate an
encrypted copy of the ID file to be sent to the recovery database, as a
user's Person Document already contains the updated public key."

Whenever the admin changes the recover information in the certifier, that
will trigger all the users to send in new recovery information. So every
time you add or remove a person who can recover ID's or make other
changes, expect a new wave to come in. Be cautious if you upgrade the
Notes ID security from 64 to 128 bit (or I presume to 256 bit with Notes
8). I found I could no longer recover ID's after my personal ID strength
was increased. I had to update the recovery information (make some minor
change) to trigger all new ID files to be sent in so I could recover users
ID's again.

I keep the old copies in the mail-in database, as sometimes they come in
handy, but not too often. I would think 2 or 3 would suffice if you must
clean.

The mail-in ID files are Encrypted (hence the "E" in "IDE"), and have to
be recovered to use them. So you can recover from ID file if the user has
it, or from the mail in database if they lose it. I use the mail-in ID's
to recover their actual ID's all the time as it is quicker to pull one out
of the DB then to get to their original. The database should be more up
to date the original backup, if you rename users, etc.

Storing the ID file in the address book is really only bad if you use weak
passwords. It is very handy to keep them there for new workstation setup,
but if they have a "default" password or are easily crackable, that is a
weakness.
===============================================
Tom Kreimer
Senior AS400 LAN-WAN Network Specialist
Buckhorn Inc, Milford OH


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.