Lotus Notes shared login is a new feature of ND 8.5. I've been looking at it, and it works well in my test environment. Contrary to password synchronization available until 8.5 (which can be quite confusing to users who don't know what is happening), shared login alters the ID file, and it enables a user who has logged into a Windows workstation to launch Lotus Notes without being prompted for the ID file password. IBM/Lotus recommends that ID files be issued without passwords, but I'm not quite sure that is the right thing to do, because it prohibits using the same ID file from another computer that for example, isn't configured to do shared login. Enabling shared login isn't difficult, and it works as advertised. An 8.5 forum article describes how it works:

Notes Shared Login (NSL) is configured via policies. After Notes determines that a user's policy calls for NSL to be enabled, a long string of characters which cannot be entered via a keyboard (the secret) is randomly generated. The secret is encrypted using a function in the MS DPAPI and will be stored in a file in the user's profile directory. The secret is used to generate a new bulk key used to encrypt the Notes ID file.

Flattr this
DomiNotes and Security :: 16 Nov 2008 :: e-mail

Comments

blog comments powered by Disqus