Password requirements

HCL Domino Domino Forum
1

We are in the process of upgrading our Domino Server to R14, but for the time being we are running Domino 9 on a Linux server, with a Browser UI.

My question is can we enforce eight-character passwords and scheduled password change requirements?

Thx in advance

Problem/Query:

2

Yes , you can.
Create a password policy and apply to all users or specific users. The password policy is pretty comprehensive and caters to various password complexities as well as password change requirements.

3

Hi Paul,

In response to your question, yes you can. You can apply it to all users, or specific users.

Follow the steps below for the configuration:

  1. Create an Explicit Policy (this is for all the users).
  • Navigate People & Groups
  • Select Policies
  • Click on Add Policy
  1. Configure Security Settings:
  • Under the Basics tab, locate the “Security” setting type.
  • Click New
  1. Set Password Change Requirements:
  • Go to the Password Management tab.
  • Find “Enforce Password Expiration” and configure it as needed
  1. Enforce Eight-Character Passwords:
  • While still in the Password Management tab, locate “Use Custom Password Policy”
  • Change its status to YES
  1. Custom Password Policy:
  • Once you’ve enabled the custom policy, navigate to the Custom Password Policy tab.
  • From there, you’ll be able to specify the minimum password length, including the eight-character requirement.
  1. Review Expiration Settings:
  • Within the Custom Password Policy tab, you’ll also find the “Password Expiration Settings” where you can further manage and confirm “Enforce Password Expirations”

I hope these steps are clear and helpful. Kindly refer the knowledge articles below for further information:
**Assigning an explicit policy

**Creating a security policy settings document

Regards,
John Vincent Dela Cruz

4

Excellent information, thx to you both. We are a SaaS vendor, and we host an Inspection DB for multiple Clients. Not all are interested in applying those controls. Are these settings at a Server or Database level?

5

This is at server level and not database level. However, you can apply different password policies for different users, effectively effecting different databases in case your inspection dbs are organization specific . So you could apply a strict policy for users of Databases A, B,C whereas users of database D,E may have no specific password policy applied to them.

6

Again, good info. Each of our Clients have many Users, so assigning a password policy at a User level would be labour intensive. Is it possible to assign a password policy at a Group level?

7

Yes it can be done at group level.

8

Hi Paul,

Yes, you can assign a password policy to a specific group

Once policy is created, open it and go to the Policy Assignment tab. Click Edit Policy, then click the dropdown button to select the users and groups you want to assign the policy to. Confirm by clicking OK, then save and close.

9

Thx again… we’ll give that a try… the key will being able to select Groups from different DBs… worst case we crate a different Password Policy for each Client.

10

Hello Paul,

As per the description you mentioned that Domino servers are accessed by browser UI.
So, for web interface, internet password will be used or you can set to use the IDvault password for web authentication in server configuration document as on below screenshot.

image
image1388×762 152 KB

To make sure the web users use the internet password and set minimum password length to 8 characters, Make sure to check “Use Length Instead” in Security setting document → Password Management → password Management Basics tab as on below screenshot and then select the security setting in Explicit policy document and apply to groups.

image
image982×397 67.5 KB

Best Regards,
Chaitanya Y

11

Thx to everyone that has responded to this entry… big help!