I understand that shared login removes the Notes password and replaces it with a new bulk key derived from a secret accessible via the Windows DPAPI.
According to the Infocenter document, “you cannot synchronize your Internet password with your Notes password because your Notes password no longer exists.”
So I’d like to confirm that in ND 8.5 I have the following two options:
Continue with the Notes Single Login Service, which isn’t ideal, but if properly implemented can sync users’ AD, Notes and Internet passwords. Result: 1 password.
Move to Notes Shared Login, which eliminates the Notes ID password, but has no capability to sync the Domino Internet password. Result: 2 passwords.
After 8.5.1 (No, it doesnt work in 8.5) you can enable SPNEGO authentication which will also eliminate the need of a Internet password.
I’ve tested and it works great. You have to set up a couple of things and I couldnt make it work with Firefox but I used a non supported version (Firefox releases many versions)
Subject: Have you considered using DA to LDAP for the http password?
I’ve heard of people who want to centralize everything around their AD password (ick) configuring DA to point to AD’s LDAP interface for http password verification.
The security setting circled below will cause a user’s Internet password to be updated when their Notes ID password is updated. Please remember that this setting can be used with Notes Single Logon (the older, service-based feature), but it is ignored when Notes Shared Login (new feature in Notes 8.5) is enabled.
I used Shared Login and when I update my network (Active Dir) password it takes care of Notes client and http password. I read that it won’t update http password but it did for me…So I’m confused.