About this task

Using this setting makes servers less vulnerable to security attacks by refining how Domino searches for names and authenticates Internet clients. Domino also uses this setting when a Java™ applet hosted on a Domino server authenticates users with the Domino IIOP protocol.

Procedure

1. From the Domino Administrator, click Configuration, and open the Server document.

2. Click Security.

3. In the Internet Access section, choose one of the following in the Internet Authentication field:

• Fewer name variations with higher security (default) - recommended for tighter security. This authentication method is less vulnerable to attacks because a single authentication attempt does not produce as many matches, lessening the likelihood that a guessed password matches.
• More name variations with lower security - Domino tries to authenticate users based on the name and password entered. This authentication method can be vulnerable to hackers who guess names and passwords in an attempt to use a legitimate user account to access a server.

Results

If you selected Fewer name variations with higher security users enter the following in the name-and-password dialog box in a Web browser or other Internet client:

Table 1. Authentication required using Fewer name variations with higher security

Domino Directory authentication	LDAP Directory authentication
Full hierarchical name	DN
Common name or Common name with CN= prefix	CN or CN with CN=prefix
Not applicable	UID or UID with UID= prefix
Alias name (a name listed in the User name field of the Person document, excluding the first name listed in the field)	Not applicable
Internet address (user's e-mail address as listed in the Internet address field in the user's Person document)	Mail

If you selected More name variations with lower security users to enter any of the following in the name and password dialog box in a Web browser:

Table 2. Authentication required using More name variations with lower security

Domino Directory authentication	LDAP Directory authentication
Last name	Surname
First name	Givenname
Common name or Common name with cn=prefix	Common name (CN) or CN with CN=prefix
Full hierarchical name (canonical)	DN
Full hierarchical name (abbreviated)	DN
Short name	UID or UID with UID=prefix
Alias name (a name listed in the User name field of the Person document, excluding the first name listed in the field)	Not applicable
Soundex number	Not applicable
Internet address (user's e-mail address as listed in the Internet address field in the user's Person document)	Mail

What to do next

The Domino Web Server Application Programming Interface (DSAPI) is a C API tool that lets you write your own extensions to the Domino Web server. These extensions, or filters, let you customize the authentication of Web users. For more information on DSAPI and filters, see the current Lotus C API Toolkit for Domino and Notes, which is available at www.ibm.com.

Related concepts
Name-and-password authentication for Internet/intranet clients
Customizing access to a Domino server

Related reference
Examples of name variations allowed for Internet client authentication

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Feedback on Help or Usability?

Help on Help