There are more and more options for synchronization of passwords between Notes, HTTP, LDAP and/or Active Directory environments. As you may know, one form of “phishing” attack is one in which a seemingly authentic email is sent to a user requesting that a password and other user information be sent back to the sender. The sender then takes that information and uses the userid/password information to authenticate to user accounts and send out spam (in the best of cases). If a user replies with credit card information, well then of course…it’s a shopping spree!
After a recent phishing attack in which some of our users responded with their LDAP passwords, it occurred to me that it was a really good thing that we don’t synchronize our Notes.id passwords with our LDAP passwords. Those individuals who responded were primarily IMAP or web users. And the Notes client users remained off the radar screen of the phisher (at least for now!).
Of course, as phishing attacks become more sophisticated this could change. But I was imagining a situation where the Notes.id password and Windows authentication password were synchronized, and the phisher was able to obtain access to the individual’s workstation. Is the decision to set up password synchronization for the sake of single sign-on or for simplifying processes for a user’s sake justified? Or maybe I’m oversimplifying the whole process and giving a phisher too much credit?
Perhaps the message here is to err on the side of caution, and confirm that additional key structures, authentication services, and firewalls are in place. Of course there is the little security nightmare with users using the same password anyway across most systems or having it written conveniently somewhere on a Post-it® note! So, don’t assume that a password is secure enough to protect users from themselves and a little phish.
I blogged earlier this week about our implementation of Lotus Notes Traveler. We sent around a notice today to all faculty/staff regarding the availability of Traveler in the university’s daily electronic newsletter.
For a Friday, and the last day of exams, we’ve added eight (twelve as of last check) new users. Or let me rephrase that. They added themselves, with almost no interaction from the support staff. Which is just goodness all around, wouldn’t you say?! We’re hoping that the faculty and staff will find this a useful tool over the university’s two-week winter break.
Our internal marketing team (thanks to Gary Garbett and Sam Kennedy) also came up with a super graphic for use on the web page which I’d like to share here!
As we have lots of Apple devices in our environment, we were eager to install Notes Traveler. We installed Traveler 8.5.1 over an existing Traveler 8.5 server. The install went smoothly, and Windows Mobile users connected and installed the new cab files. Our iPhone users were able to connect – and they simply LOVE Traveler! However, during our test phase, we discovered that the Domino Directory lookups were not completing as expected on the iPhone. No directory data was being returned at all, and the request was timing out.
Lotus Support suggested the following: Shut down Traveler. Rename the NTSConfig.xml file to NTSConfig.bak and restart Traveler. This recreates the NTSConfig.xml file from the original template. Once we did that, the Directory lookup was fully functional.
Additionally, further information about the customization of the NTSConfig.xml file can be found here if you need to customize those fields to be included in the Domino Directory lookup.
As you may know, I’m co-authoring a book on Lotus Sametime for Packt Publishing. Chapter 1 went off to the publisher on time. (Wipes forehead in relief). Lots of authors have remarked on how “difficult” the first chapter is to write and finish. And because I don’t have any other experience but my own, I would have to agree. I occasionally flashed back to those “all nighters” writing college term papers or the angst involved in finishing work project plans/white papers on a deadline. My coauthor, Tom Duff, and I did find our “collective” voice and agreed on how we would outline the chapter, which was a huge plus in the effort.
Well, we received good news this morning. The editor/publisher liked the first chapter and we have only minimal (and I mean minimal) changes to make. Whew! I am reminding myself that this is the shortest chapter in the book, and that we have more technically oriented chapters ahead, but I at least feel like I made that first 10-foot hurdle!
Tom Duff and I are presenting a Show ‘n Tell Session at Lotusphere – SHOW106 “Configuring the Tivoli Directory Integrator for IBM Lotus Domino and Active Directory”.
Now you may think that with a product name that includes “Directory Integrator” as part of its name that this is only a tool for directories and therefore maybe a tool for admin types only. Not so!
For example, one of the new connectors in TDI 7.0 is an XML parser. Now while I can’t speak for my fellow administrators, when I hear XML parsing my eyes glaze over. But I know developers who will just squeal over the opportunity to manipulate XML between external sources and Domino databases. Remember that TDI has a connector for Domino databases – not only the names.nsf. And with connectors to relational DBs like SQL, wouldn’t you devs like to have a way to move that data back and forth between Domino?
TDI is available as a free download with your Domino server license. And you’re entitled to use it as long as your assembly line (TDI process) includes Domino as a component of that process. So whether you’re synching, pushing or pulling data, doesn’t FREE appeal to you? Check it out for yourself. And better yet, if you’re attending Lotusphere be sure to attend our session. We’ll help you get started on building your own “integration engine.”