Notes 8.5 Shared Login Real World Considerations (Article 2/3)
Anthony Holmes 15 December 2008 11:24:18 AM
Good though it is, there are some cases where it doesn't really make sense to use the new Notes Shared Login feature.In my first article on Notes Shared Login I gave:
- An overview of the Notes 8.5 Shared Login feature
- I distinguished it from the older Client Shared Logon feature that synchronised passwords in previous releases of Notes
- I outlined some of the key benefits of using the new feature: fewer prompts for users, one place for IT to manage password re-sets
In this article I am going to describe the consequences of introducing the new feature.
Consequences of Implementing Notes Shared Login (NSL)
This section contains a comprehensive list of all the consequences that may arise when implementing Notes Shared Login. It's important to come to a measured understanding as to whether any of these issues is significant. That can be done in a structured way.
You can use any method you like for deciding whether these consequences are deal breakers in your environment. I'd suggest that a structured way of evaluating the significance (if any) of any of the consequences can be assessed by completing the table of Number of Users affected/Importance of this issue for each point in the following style of table:
| Description of issue | |
| Number of Users affected | None, Some, All |
| Importance of this issue | None, Low, Medium, High |
Circle the number of users affected and the importance of the issue for your group of users. If you were a site with predominantly Mac or Linux users, or if you ran all users off Citrix, it'd be clear that you'd probably not introduce NSL. In many cases the 'exceptions' will probably be a small minority of your user population. It's important to understand that they will need to be handled separately, but you shouldn't magnify this issue if a majority of users will benefit from NSL. The two approaches (IDs with Notes passwords and NSL) can run in parallel by using policies to determine who gets the feature.
NSL can only be used with Windows
The Notes Shared Login feature is only currently available with Windows. It's not available with Unix or Macintosh. Users with those operating systems will continue to use a Notes ID carrying a password when using those operating systems.
| Issue Impact Summary: NSL can only be used with Windows | |
| Number of Users affected | None, Some, All |
| Importance of this issue | None, Low, Medium, High |
NSL cannot be used if Notes authentication is protected with Smartcards
Notes authentication can be augmented by the requirement that users use Smartcards when authenticating with Notes. This is not compatible with NSL.
| Issue Impact Summary: NSL cannot be used if Notes authentication is protected with Smartcards | |
| Number of Users affected | None, Some, All |
| Importance of this issue | None, Low, Medium, High |
NSL cannot be used if a Notes ID is protected with multiple passwords
In some cases, a Notes ID can be set up to require more than one password before it is used. For example, a Certifier ID, or a special ID used for high security Administration purposes might be restricted so that it can only be used following the entry of multiple passwords (eg any two out of passwords known by eight people).
NSL (fairly obviously) cannot be used with IDs needing multiple passwords because only one user is ever logged into a PC (through the User Interface) at any one time.
| Issue Impact Summary: NSL cannot be used if a Notes ID is protected with multiple passwords | |
| Number of Users affected | None, Some, All |
| Importance of this issue | None, Low, Medium, High |
NSL cannot be used with Notes running from a USB drive
With Notes 7 it became possible to install Notes on a USB (or other remote) drive. This is a quick an easy way for a user to walk up to any PC, plug in the USB drive and launch their copy of Notes without installing it on the local PC. Notes can even me run on most locked down PCs, as no permanent changes are made to the Windows Registry. When the drive is unplugged, Notes is removed from the PC.
This feature is available with Notes 8 Basic, and both Notes 8.5 Basic and Notes 8.5 Standard (with the richer Eclipse based user interface and plug-in extensibility).
Because Notes on a USB drive runs on any PC regardless of which user logged on, it is not consistent with Notes Single Logon.
| Issue Impact Summary: NSL cannot be used with Notes running from a USB drive | |
| Number of Users affected | None, Some, All |
| Importance of this issue | None, Low, Medium, High |
NSL cannot be used with Windows Mandatory Profiles
Windows Mandatory Profiles were implemented with Windows NT.
They are supported with Windows XP and Vista, (I presume) for backward compatibility purposes.
Profile changes that a user might make while using a Mandatory Profile are lost when the user logs off.
Customisable profiles (which can be used with NSL) are more flexible. However, if users have Mandatory Profiles, the continued need for Mandatory Profiles will need to be weighed against the benefits of implementing NSL.
| Issue Impact Summary: NSL cannot be used with Windows Mandatory Profiles | |
| Number of Users affected | None, Some, All |
| Importance of this issue | None, Low, Medium, High |
NSL cannot be used with Citrix
Users logging in to Notes using Citrix will need to continue to use a Notes ID file that contains a password when they access Notes via Citrix.
| Issue Impact Summary: NSL cannot be used with Citrix | |
| Number of Users affected | None, Some, All |
| Importance of this issue | None, Low, Medium, High |
Sametime Logins are handled separately
Notes users may be using integrated Sametime with their Notes clients.
• Sametime doesn't use the Notes ID for authentication
• Sametime is configured to run with user name/password authentication against an LDAP Directory
• Sametime credentials (user name and password) can be saved , ensuring that it's not necessary for them to type the password each time they start Sametime as part of a Notes session.
As a general rule, the Sametime will only prompt for an LDAP password when that password has been changed.
| Issue Impact Summary: Sametime Logins are handled separately | |
| Number of Users affected | None, Some, All |
| Importance of this issue | None, Low, Medium, High |
Special Considerations apply where native Lotus Notes Roaming is used
See my next blog posting describing this topic and the changes that might need to be implemented.
- Comments [2]