KB12420 - How to change the length of time for which the BlackBerry Enterprise Server for IBM Lotus Domino messaging agent caches a Notes .id password

Environment

* BlackBerry® Enterprise Server software version 4.1 and later for IBM® Lotus® Domino®

Overview

After a BlackBerry smartphone user imports the Notes .id file and password (stored in the Notes .id file), the following actions occur:

1. The BlackBerry smartphone encrypts the password with the BlackBerry smartphone user’s master encryption key using Advanced Encryption Standard (AES) and stores the password in the BlackBerry smartphone memory.
2. The BlackBerry Enterprise Server for IBM Lotus Domino messaging agent encrypts the password with the BlackBerry smartphone user’s master encryption key using AES, and decrypts the password before using it to call the required IBM® Lotus Notes® application programming interface (API) security functions.

The BlackBerry Enterprise Server for IBM Lotus Domino messaging agent deletes the Notes .id plain text (decrypted) passwords it stores when the passwords time out. The BlackBerry Enterprise Server administrator can customize the length of time for which the messaging agent caches the BlackBerry smartphone user's Notes .id password. The default expiration timeout is 24 hours. The BlackBerry Enterprise Server administrator can also set the timeout value to 0 to require the BlackBerry smartphone user to type the Notes .id password to decrypt and read every Lotus Notes encrypted message received on the BlackBerry smartphone.

Procedure

To change the Notes .id password timeout value, complete the following steps:

Warning: The following procedure involves modifying the computer registry. This can cause substantial damage to the Windows® operating system. Document and back up the registry entries prior to implementing any changes.

1. On the computer on which the BlackBerry Enterprise Server service is installed, start the Registry Editor.
2. In the left pane, browse to HKEY_LOCAL_MACHINE\Software\Research in Motion\BlackBerry Enterprise Server\Agents.
3. Click Edit > New > DWORD Value and type SECMSGPasswordCacheTimeout.
4. Double-click SECMSGPasswordCacheTimeout.
5. In the Value Data field, type the desired password timeout value, in seconds.
6. Click OK.

Note: In step 5, entering a timeout value of 0 requires the BlackBerry smartphone user to type the Notes .id password to decrypt and read every Lotus Notes encrypted message received on the BlackBerry smartphone.

__________________
Si MCTS
Co-Owner
Port3101 - Your BES Connection

Don't forget, you can follow us on Twitter

The views expressed by me on Port3101 and its affiliated sites are my own and do not necessarily reflect the views of my employer.