HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Add a new idea Subscribe
Status Under Consideration
Workspace Domino
Categories Security
Created by Guest
Created on Nov 2, 2022

RELATED IDEAS

Check and monitor Domino time vs NTP servers

Correct Domino time becomes more and more important. Usually the OS is already using NTP servers. Domino only updates Domino time from system time when jumping to a future date, but only in small steps.


Having this in mind the time could be still different and the admin should be alerted.


This is specially important for newer more time sensitive security functionality like TOTP, OIDC/OpenID, DKIM, but also for SAML around for a while.

- Optionally check NTP servers directly

- Check time against the current OS time

- Provide statistics for the differences so admins can configure statistic monitors

- Send DDM events when time is different.

  • Attach files
  • Guest
    Reply
    |     Jul 18, 2024

    There is a feature to prevent servers going into future by keeping the time in the notes.ini and checking it when the server starts.

    So when the time differs too much the server will not start.


    What is currently NOT prevented is changes during runtime. So while the server is running, it will perform any time jump forward that the OS will make. That's really dangrous and just hit one of my customers today.

    In general the OS should handle the time sync and Domino is syncing the time from OS. There is not directly a need to let Domino do that separately. But it should be checked more carefully and not generate time jumps.

    And if the time is too far in the future, Domino should alert admins.

    Of course misconfiguration can happen on OS side but generally the time should be taken from the OS.


  • Admin
    Thomas Hampel
    Reply
    |     Dec 16, 2022
    Instead of checking an NTP server, Domino would just need to compare its own time agaist the OS time, and if the difference is too big, take action or aleeting the admin.
Copyright © 2023 HCL Technologies Limited