Lotus Notes users have two separate passwords: an HTTPPassword, which is stored as a hash, and an ID file password.
Managing HTTPPassword hashes is straightforward. Hitachi ID Identity and Access Management Suite uses its own ID file to connect to the appropriate Notes server and administratively set a new value on the user's password hash field. Logic is included in the Hitachi ID Password Manager Lotus Notes connector to find the most appropriate server (e.g., the user's local mail server) and to also clear the password digest field.
Managing ID file passwords is more challenging, since this password cannot be administratively reset and since delivering an updated ID file to the user depends on non-Lotus infrastructure.
To simulate a Lotus Notes ID file password reset, Hitachi ID Identity and Access Management Suite extracts a copy of the user's ID file from a central repository, changes the password on the ID file from a known (archived) value to a desired new value and delivers the new, replacement ID file to the user.
Hitachi ID Identity and Access Management Suite includes a built-in repository which can house encrypted copies of each user's ID file and associated password.
ID file delivery can be implemented with a variety of techniques. The most common technique is to deploy an extension DLL to the Notes client installed on user PCs. Whenever notes.exe starts, this DLL checks with the Hitachi ID Identity and Access Management Suite server to see if there is a newer ID file for the current OS user and, if so, downloads it before the user signs into Notes. The same DLL also detects local changes to the ID file and uploads fresh copies of the ID file and associated password (e.g., after a Notes-native password change, name change or cross-certification).
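The download-or-upload decision described above can be sketched as a three-way digest comparison. This is an added example, not Hitachi ID's code: the function names, the "last synced" digest kept on the client, and the conflict case are assumptions, and the ID file contents are constructed sample bytes.

```python
import hashlib
from enum import Enum


class Action(Enum):
    NONE = "none"          # nothing to do
    DOWNLOAD = "download"  # repository holds a replacement ID file (e.g. after a reset)
    UPLOAD = "upload"      # local ID file changed (e.g. Notes-native password change)
    CONFLICT = "conflict"  # both sides changed; assumed to need a policy decision


def digest(id_file_bytes: bytes) -> str:
    """SHA-256 of the ID file, used only to detect that the file changed."""
    return hashlib.sha256(id_file_bytes).hexdigest()


def decide(local: str, last_synced: str, server: str) -> Action:
    """Compare the local and repository digests against the last synced one."""
    local_changed = local != last_synced
    server_changed = server != last_synced
    if local_changed and server_changed:
        # Identical content on both sides means there is nothing to transfer.
        return Action.NONE if local == server else Action.CONFLICT
    if server_changed:
        return Action.DOWNLOAD
    if local_changed:
        return Action.UPLOAD
    return Action.NONE


# Constructed sample ID file contents (hypothetical, not real Notes ID files).
ORIGINAL = b"constructed-id-file-v1"
AFTER_RESET = b"constructed-id-file-v2-after-reset"
AFTER_CROSS_CERT = b"constructed-id-file-v1-after-cross-cert"


def demo() -> dict:
    """Run the decision over the four situations a client start can meet."""
    base = digest(ORIGINAL)
    return {
        "in_sync": decide(base, base, base),
        "after_reset": decide(base, base, digest(AFTER_RESET)),
        "after_local_change": decide(digest(AFTER_CROSS_CERT), base, base),
        "both_changed": decide(digest(AFTER_CROSS_CERT), base, digest(AFTER_RESET)),
    }


if __name__ == "__main__":
    for case, action in demo().items():
        print(f"{case}: {action.value}")
```

The "both changed" case matters in practice: downloading the reset copy would discard a local cross-certification, while uploading the local copy would overwrite the reset.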