Lotus Domino Administrator 6.5 Help - Setting up ID recovery

SECURITY

Setting up ID recovery
Before users can recover their ID files, you must set up a centralized mail or mail-in database to store encrypted backups of ID files and specify information about which administrators -- known here as recovery authorities -- are allowed to recover IDs. You must perform these steps before anyone loses or corrupts an ID -- ideally before you begin registering users.

1. From the Domino Administrator, click Configuration, and then click Certification.

2. Click Edit Recovery Information.

3. In the "Choose a Certifier" dialog box, click Server and select the registration server name from the Domino Directory (only if the correct server name does not appear).

4. Choose the certifier for which you are creating recovery information.

If you are using a server-based certification authority, click "Use the CA process" and select a certifier from the drop-down list. You must be a Certificate Authority (CA) administrator for the certifier in order to change ID recovery information.
If you are not using a server-based certification authority, click "Supply certifier ID and password." If the certifier ID path and file name does not appear, click Certifier ID and select the certifier ID file and enter the password.

5. Click OK. The "Edit Master Recovery Authority List" dialog box appears.

6. Enter the number of recovery authorities that are required to recover an ID file. It is recommended that you choose at least three.

7. Click Add and select the names of the administrators who are the designated recovery authorities.

8. Choose whether you want to use an existing mailbox for recovery information or create a new one.

If you have a mail or mail-in database already set up for recovery information, click "I want to use an existing mailbox." Click Address and select the database from the Domino Directory.
If you want to create a new database to store recovery information, click "I want to create a new mailbox." In the "Create New Mailbox" dialog box, enter the name of the server on which the database is to be created, and the database title. You can use the file name that is created from the database title, or you can create a new one.

Note

Whenever you make changes in this dialog box, the Export button is disabled. You cannot export recovery information until you save the new or updated information.

9. Click OK.

10. If you are using a server-based certification authority, at the server console type:

load ca

This starts the CA process with the new recovery information, or refreshes it if it is already running. Then type:

tell adminp process all

to process the request to add recovery information to the certifier.

11. In the mail-in database ACL, set the -Default- access to No access and give administrators Reader access.

Note If you have created additional O-level Notes certifiers, be sure to cross-certify them with the initial Notes certifier prior to setting up recovery information.

See also

ID recovery

Glossary

Help on Help

Open Full Help Window

Glossary

Help on Help

Open Full Help Window