Technology Platform Support Lotus Notes / Domino Integration

Lotus Notes / Domino Integration

P-Synch®, a component of Hitachi ID Management Suite®, is enterprise password management software. It reduces the frequency of help desk calls, improves user productivity and strengthens security with password synchronization, self-service password reset, help desk password reset and simplified administration of other authentication factors, such as hardware tokens and biometric samples. P-Synch includes connectors to manage passwords on over 70 types of systems.

Lotus Notes Integration

Lotus Notes users have two separate passwords:

• An HTTPPassword hash in the Domino Directory (formerly the Name and Address Book (NAB)) on one or more Notes / Domino servers

• A password used to encrypt their Notes ID file, which may be physically stored in one or more locations, including their local hard disk, a network share or even a floppy disk

Managing HTTPPassword hashes is straightforward. P-Synch uses its own ID file to connect to the appropriate Notes server and administratively set a new value on the user's password hash field. Logic is included in the P-Synch Lotus Notes agent to find the most appropriate server (e.g., the user's local mail server) and to also clear the password digest field.

Managing ID file passwords is more challenging, since this password cannot be administratively reset and since delivering an updated ID file to the user depends on non-Lotus infrastructure.

To simulate a Lotus Notes ID file password reset, P-Synch extracts a copy of the user's ID file from a central repository, changes the password on the ID file from a known (archived) value to a desired new value and delivers the new, replacement ID file to the user.

An existing ID file repository can be leveraged and P-Synch can take over the function of maintaining the content of the repository -- for example, prompting users to update their entry when they get a new Notes account or after a cross-certification or name change that causes their ID file to change.

ID file delivery can be implemented with a variety of techniques, including file synchronization between the user's workstation and a staging directory, delivery using an extension DLL installed on the Notes client, directly mapping a share to the user's workstation and depositing a new ID file on its file system, or using a software distribution system such as SMS or Marimba.

Lotus Notes ID file management in P-Synch is unique in that:

• Installation of client software is not required (though using client software for delivery is one of the available options).
• A variety of delivery mechanisms are supported.
• There is built-in infrastructure for maintaining the ID file repository, rather than just assuming that it is already complete and current.

© Hitachi ID Systems, Inc. 2008. All rights reserved.