Hi All,
In our organization we are in the practice of resetting the Internet password … we simply enter the new password in the Internet Password field on the person document and then clear the password digest field … what exactly does password digestion do?
What is this password digestion field?
Thanks
Vikalp
Subject: Password digestion
The Password Digest is a hashed copy of the user's password that is used to compare the ID’s password to the one stored in the person document. This is used to restrict the possibility of someone using an old ID to gain access to the Domino servers.
Here is what the ADMIN help says:
"You can enable password verification so that a Notes user can authenticate with a server only after providing the correct password that is associated with the user ID. If an unauthorized user obtains an ID and learns the ID’s password, the owner of the ID can use password verification to change the password and prevent the unauthorized user from continuing to use the ID to authenticate with servers. The next time the unauthorized user tries to use the ID with the old password to access a server, the server verifies the password, determines that the password entered does not match the new password, and denies the unauthorized user access to the server. Without password verification, an unauthorized user could use an ID and password even after the user changed the password on the ID, since, by default, the password is used only to decrypt the ID file and is not verified against the password stored in the Domino Directory. If you set up password verification, require users to change the passwords on their IDs on a regular basis. As the time for the required password change approaches (after two-thirds of the current change interval has passed, but at a minimum of two days remaining), a prompt appears to remind the user to change the password. When users change the password, the current ID and Person document are updated with the new password. "
Subject: RE: Password digestion
Hi Nathan,
If a user accesses the Domino server through the Notes client, I understand that it compares the password stored in the ID file with the password digestion field on the person document … but if a user accesses the Domino server through the web, where the ID file is not required, then how does the comparison happen in that case?
Vikalp
Subject: RE: Password digestion
The password digest has nothing to do with the HTTP password – it is only used with the Notes ID password.
Subject: RE: Password digestion
Hi Stan,
Thanks for your response. Then where does the HTTP password get stored? How does the matching of the password happen then?
Thanks
Vikalp
Subject: RE: Password digestion
Vikalp
The username and password are stored in the person document in the names.nsf (Domino Directory).
Change the password there to reset the password.
Subject: RE: Password digestion
Your confusion is understandable. The words “hash” and “digest” are sometimes used to mean the same thing, and sometimes not.
The Internet Password field in the person document is hashed as soon as you save the document. The password itself is not saved. The hash is stored in the field instead of the password. Some people will say that the Internet Password field contains a “hashed password”, while others might say it contains a “password digest”. When a browser connects with basic authentication, Domino hashes the transmitted password using the same hash algorithm and compares it to the stored value in the Internet Password field. If it matches, the user is authenticated.
And as previously mentioned, none of this has anything to do with the Password Digest field in the person doc, which is actually a list of hashes of your Notes password that is maintained only if password checking is enabled on the server.
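The two mechanisms discussed in this thread, as a small Python model added here for illustration; it is not Domino code and not from any poster. The class and function names, PBKDF2 as the hash, and a single current digest in place of a list are assumptions. It shows why a stale copy of an ID file keeps working until password verification is enabled, and that the Internet password is checked separately.

```python
import copy, hashlib, hmac, os

def kdf(password: str, salt: bytes) -> bytes:
    # Stand-in hash (assumption); Domino's real hash formats are not modelled.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Verifier:
    """Salted hash of a password; the password itself is never stored."""
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.hash = kdf(password, self.salt)
    def matches(self, candidate: str) -> bool:
        return hmac.compare_digest(kdf(candidate, self.salt), self.hash)

class IdFile:
    """Model of a Notes ID: its password only unlocks this local file."""
    def __init__(self, password: str):
        self.lock = Verifier(password)

class PersonDoc:
    """Model of a person document holding two unrelated fields."""
    def __init__(self, id_password: str, internet_password: str):
        self.password_digest = Verifier(id_password)          # Notes ID password
        self.internet_password = Verifier(internet_password)  # HTTP password

def notes_auth(id_file, typed, person, verify_enabled: bool) -> bool:
    if not id_file.lock.matches(typed):   # wrong password: ID stays locked
        return False
    if not verify_enabled:                # default: no server-side comparison
        return True
    return person.password_digest.matches(typed)

def http_auth(person, typed) -> bool:
    # Hash what the browser sent and compare with the stored hash.
    return person.internet_password.matches(typed)

def change_id_password(id_file, person, new: str) -> None:
    id_file.lock = Verifier(new)          # the user's own ID file is updated
    person.password_digest = Verifier(new)  # and so is the person document

def demo() -> dict:
    user_id = IdFile("old-pass")          # constructed sample values
    person = PersonDoc("old-pass", "web-pass")
    stale_copy = copy.copy(user_id)       # an old copy of the ID file
    change_id_password(user_id, person, "new-pass")
    return {"stale_no_verify": notes_auth(stale_copy, "old-pass", person, False),
            "stale_verify": notes_auth(stale_copy, "old-pass", person, True),
            "owner_verify": notes_auth(user_id, "new-pass", person, True),
            "http_web_pw": http_auth(person, "web-pass"),
            "http_id_pw": http_auth(person, "new-pass")}

if __name__ == "__main__":
    print(demo())
```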