If you have implemented Notes Shared Login, or if you are thinking about Technote
OS and Domino password policies must be aligned as closely as possible to allow password synchronization to work. During OS password changes, the Notes Network Provider must be able to change the Notes ID to the new password provided by the OS. Notes is notified of the new OS password only after the OS password has been changed. If the new OS password does not meet the Notes password quality and history requirements, the Notes password change will fail. During Notes password changes, the Notes client must be able to change the OS password to the new Notes password. If the new Notes password does not meet the OS password quality and history requirements, the OS password change will fail.
Operating system (OS) password changes, that is, password changes that are initiated outside of Lotus Notes, occur in the system access control environment; therefore, the NOTES.INI file and the Notes ID file must reside on a local drive.
The key point to understand about Notes Client Single Logon is that the Notes ID still has a password; it is simply synchronized to the Windows password and passed by Windows at login. The second feature is Notes Shared Login. In this case the ID file no longer has a password, and authentication is done at Windows login. Before we go any further, it is worth noting the cases where shared login will not work.
You cannot use shared login if any of the following conditions is true:
- you use a computer that does not run Microsoft Windows
- you use a Smartcard to log in to Lotus Notes
- your User ID is protected by multiple passwords
- you are a roaming user that uses a roaming ID
- you run Notes on a USB drive
- you use a mandatory Windows profile
- you are running Notes in a Citrix environment
The other important item to note is that the Notes ID no longer has a password. As a result, you cannot simply copy the ID file from one machine to another; if you need to copy your ID file, you must use the documented procedure to copy an ID file when using Notes Shared Login. Shared Login needs to be enabled via a Security Settings document in a Policy; it is disabled by default. It is highly recommended to use Notes Shared Login in conjunction with the ID Vault to ensure you can always reset a password or recover an ID file if needed.
Related Links
- Technote 1405060 New 8.5 Notes Shared Login “Gotchas”
- Notes and Domino Wiki: Best Practices for Shared Login
- Notes and Domino Wiki: Upgrading from Notes client single logon to Notes Shared Login
- Deploying a Notes custom install using the surunas upgrade method and enabling Notes client single logon
We abandoned Shared Login a while ago when we realised it didn’t update the internet password. Useless.
Same here regarding the Internet Password.
Shared login is a very poor replacement for the Notes Client Single Login.
We’ve abandoned it.
@Ben, Gavin: You are missing one piece in the puzzle. Since the Notes.id doesn’t have a password there is no password to change (and hence no password change propagates to the Internet password). To make that happen you have 3 options:
a) Set up Domino to use SPNEGO (so it automatically authenticates with the Windows login credentials)
b) Use TDI (entitlement included in Domino) to keep passwords in sync
c) Set up Domino to authenticate against AD for http access
Our previous admin started setting up users on Shared Login. I thought it was great until I found out at IAMLUG that it does not work with Citrix. It also does not sync the internet password. However, I also learned at IAMLUG that you can set up directory assistance to authenticate with LDAP (AD) for internet / sametime / traveler / quickr logins. Gabriella Davis and Marie Scott did the presentation on this. I need to find the slides on it.
So now we need to figure out what we are doing with Citrix.
Dennis
SPNEGO on Domino is great. It takes a bit at the beginning to populate the NAB with AD DN but then no login screens at all.
good article!