Why both the old and new passwords work after an HTTP password change

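An administrator reported that after an HTTP password is changed, both the old and the new password can be used. The corresponding problem report is SPR #HSPR7CX73U,
titled: Old password doesn't get inactive immediately after changing DWA password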
When Web users change their Internet passwords, the Domino HTTP server remembers the new Internet password in its cache, as well as the old password. Caching is useful because it can take some time for the password change to take effect, as the change must be processed by the Domino administration server and replicated throughout the Domino environment. Password caching allows the HTTP server to immediately recognize the user's new Internet password and accept it for login, even though the password change information may not be finished replicating in the Domino environment. Prior to Domino 6.0.3, password change caching was available only for single session authentication. Password changes can now be cached when the HTTP server is configured for SSO. The referenced tech note is incorrect (I have submitted a request to have the tech note updated to say that this feature was implemented for SSO users in 6.0.3).
Without password caching, the user can only log in by supplying the password that can be verified against the password information found by the server in the Domino Directory. The server Notes.ini parameter HTTP_PWD_CHANGE_CACHE_HOURS can be configured to be 0 to avoid password caching. If there is no password caching, the user cannot know for sure whether the server's directory in the environment has the password update. In the case where the Domino directory replica has not yet been updated, the user cannot use the new password and must continue to use the old password.
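The HTTP password caching that Domino provides is a feature, not a product defect. As long as the HTTP task has not been restarted, both the old and the new password are valid for logins within 48 hours.
The purpose is that, until the Domino Directory has fully synchronized, users can still log in to other Web servers with the old password even though the new password has not yet replicated to those servers.
If you want to disable HTTP password caching, add the following parameter to notes.ini and restart the server: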
show nlcache reset
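
To check which servers still accept an old Internet password, the following added example (not IBM's code and not part of the original note) reads the text of a notes.ini file and reports the HTTP_PWD_CHANGE_CACHE_HOURS setting described above. It assumes notes.ini consists of name=value lines with case-insensitive parameter names, takes the 48-hour window from this page as the value in effect when the parameter is absent, and uses a constructed sample file.

```python
import re

PARAM = "HTTP_PWD_CHANGE_CACHE_HOURS"
DEFAULT_HOURS = 48  # window this page gives when the parameter is not set


def audit_pwd_cache(ini_text):
    """Return (worst_case_hours, findings) for the text of one notes.ini.

    worst_case_hours is how long an old Internet password may still be
    accepted after a change; None means the value needs manual review.
    """
    hits = []
    for lineno, raw in enumerate(ini_text.splitlines(), 1):
        key, sep, val = raw.partition("=")
        # Assumption: parameter names are matched case-insensitively.
        if sep and key.strip().upper() == PARAM:
            hits.append((lineno, val.strip()))

    if not hits:
        return DEFAULT_HOURS, [
            f"{PARAM} not set: old password accepted up to {DEFAULT_HOURS}h"]

    findings = []
    if len(hits) > 1:
        lines = ", ".join(str(n) for n, _ in hits)
        findings.append(f"{PARAM} set more than once (lines {lines})")

    bad = [(n, v) for n, v in hits if not re.fullmatch(r"[0-9]+", v)]
    if bad:
        findings += [f"line {n}: non-numeric value {v!r}" for n, v in bad]
        return None, findings

    # With duplicates, report the longest window as the worst case.
    hours = max(int(v) for _, v in hits)
    if hours == 0:
        findings.append("password change caching disabled")
    else:
        findings.append(f"old password accepted up to {hours}h after a change")
    return hours, findings


# Constructed sample, not taken from a real server.
SAMPLE_INI = """[Notes]
KitType=2
http_pwd_change_cache_hours=0
ServerTasks=Replica,Router,HTTP
"""

if __name__ == "__main__":
    hours, findings = audit_pwd_cache(SAMPLE_INI)
    print(hours, *findings, sep="\n")
```

Run it against a copy of each HTTP server's notes.ini; a result of None or a duplicate finding means the file should be reviewed by hand.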
