Parameter:
SecureInternetPasswordsShort description: Forces internet passwords to be stored in the more secure hash format (instead of @Password, salted SHA).
Profile
Parameter | SecureInternetPasswords |
Category | Security / TLS |
Component | Server |
Available since | R6 |
Supported versions | 9.0.1, 10.0, 11.0, 12.0, 14.0, 14.5 |
GUI equivalent | Configuration document (Security → Internet Password) |
Possible values | 0 = old @Password format, 1 = salted / secure hash (recommended) |
Description
Over the years, Domino has supported several hashing methods for internet passwords (HTTP / IMAP / POP3 / SMTP authentication). Older entries were stored with the insecure
@Password method (RC4-based, no salt). SecureInternetPasswords=1 forces newly set or changed passwords to be stored in the current salted-SHA-based hash format.For a complete switch-over, users must reset their passwords at least once after activation.
Example configuration
SecureInternetPasswords=1
Notes & pitfalls
- Existing
@Passwordhashes are not converted automatically.
- The Configuration document offers the same setting via GUI – additional options (minimum length, history) are available there.
- Recommended for all servers where internet authentication takes place.
- Before enabling, test that all authentication clients (web applications, IMAP clients) support the format – in practice no longer a problem.
- The change only takes effect after a restart of the relevant tasks (
http,imap, …).