I have been asked to find a way that will automatically lock a user out after a certain amount of unsuccesful log-in attempts, let’s say 5. I am still at Release 5.011, and from what I have seen it cannot be done. Can it be done in Release 6?
Thanks.
Alain
Subject: Lock out user after too many incorrect password attempts
What’s the point?Without the proper password said user won’t be able to use the ID to authenticate, so remains ‘locked out’.
And… by the time five attempts have been made to enter an incorrect password, the built-in delayed response will be really showing itself so the person trying will begin to realise they are not going to ‘get in’.
Regards,
Mike
Mike Kemp
Lotus Notes Specialist
Subject: RE: Lock out user after too many incorrect password attempts
There are a few “guiding” authorities in certain industries (FDA sets guidelines for Pharma’s to follow, for example) who are strongly urging the use of a “3 strikes and your out” (locked out) functionality and these industries do use Notes clients.
This CAN be done, even in R5, using Active Directories (and perhaps LDAP) as the authentication scheme. I believe I saw a “Red Paper” done on it a while back, though it was not a solution that was used by my former employer.
Jim
Subject: Lock out user after too many incorrect password attempts
I’ve done this for web logins but not Notes client logins.