Parameter:
PasswordCheckSettingShort description: Controls the server-side check of Notes ID password quality and password expiration during authentication.
Profile
Parameter | PasswordCheckSetting |
Category | Security / TLS |
Component | Server |
Available since | 10.0 |
Supported versions | 10.0, 11.0, 12.0, 14.0, 14.5, 14.5.1 |
GUI equivalent | Server document (Security → Password Management) |
Possible values | 0 = no check, 1 = check, 2 = check + required change |
Description
PasswordCheckSetting enables the server-side Notes ID password check. Level 1 validates the quality and expiry date of the ID file password during NRPC login – users with weak or expired passwords are warned or rejected. Level 2 additionally enforces a required password change, so users must set a new password at their next login.For compliance requirements (BSI, ISO 27001, BaFin), this is an important security switch – in combination with password policies in the Domino Directory.
Example configuration
PasswordCheckSetting=2
Notes & pitfalls
- Affects only Notes Clients (NRPC), not web / SMTP logins (Internet password policy applies there).
- Requires configured password policies in the Domino Directory – otherwise the check has nothing to validate against.
- Takes effect after a server restart or a
set configreload.
- For finer control per person / group, use policies instead of the notes.ini switch.
- The Server document entry Compare Notes public keys against those stored in Directory should also be configured sensibly in parallel.