Sametime Proxy does not respect lock out settings for failed passwords on Domino server

Security is not stronger than the weakest link.

A customer has a Sametime Proxy server set up facing the internet.

Tests show that the Sametime Proxy server does not respect lock out settings for failed passwords on the connecting Sametime Domino server.

This is a server issue since attacks using brute force may easily guess a user's password then.

Can the Sametime Proxy server be enabled to respect this? ...or does it have its own security settings for locking out users which can be set?

/Jesper Kiaer

Hello @Jesper Bairholm, I suppose you are using Domino as LDAP Server for your Sametime environment, right?

If yes, please check the document below on how to use Internet password lockout feature on Domino side:

> Using Internet password lockout

https://help.hcltechsw.com/domino/12.0.0/admin/secu_using_internet_password_lockout.html

I hope it helps in some way.

Please mark this question as answered and helpful if your issue is resolved.

Regards!

Rodrigo de San Vicente

Staff Software Engineer

Collaborative Workflow Platform

Hi

I am using the Domino directory, but not as LDAP.

I have set up the lockout feature on Domino and it works correctly.

If I try to open a database which requires login, and I use a wrong password, the failed login shows up in the lockout database.

If I try with a wrong password from a browser to Sametime Proxy nothing gets recorded in the lockout database...hence my question

/Jesper Kiaer

Please see the following for information on this question. This is a Domino issue that is resolved in Domino 11.0.1 FP1.

Make the password lockout feature available for Sametime. Currently a user can't get locked out even after several failed attempts

https://domino-ideas.hcltechsw.com/ideas/STC-I-171

Thanks,

David Workman

HCL Sametime Support

@David Workman The server is running V11Fp3 so apparently it was not fixed in FP1.

Hi Jesper,

Yes, I have seen and understand that Sametime rich client users may become 'locked out' due to the Domino Lock-Out Database, but this does not affect the same STProxy user logins.

I do not see that we have an enhancement request specifically for this behavior having searched lockout via this link; https://domino.ideas.aha.io/ideas

Which lands us here: https://domino-ideas.hcltechsw.com/ideas/search?utf8=%E2%9C%93&query=lockout

My suggestion would be to use the first link and submit your idea explicitly, return here and post the link so that we may help vote on this with you. And perhaps in tandem, open a service request with HCL Sametime; this will give us the ability to directly notify our development team to query their understanding.

Best Regards, Keith Kopanski
Senior Product Support Engineer, HCL Sametime

I have created an idea now, please vote for it.

https://domino-ideas.hcltechsw.com/ideas/STC-I-569

/Jesper Kiaer