IBM Notes Traveler Companion security settings
Starting with IBM® Notes® Traveler Companion 2.0.5 and IBM Traveler server 8.5.3.2, there are new security settings available that control how Companion connects to the IBM Traveler server and how attachments in encrypted mails can be used on the mobile device.
These new options are controlled by a setting called
NTS_COMPANION_POLICY
that
can be added to the notes.ini
on the IBM Traveler server. The IBM Traveler server
must be restarted after these settings are saved to notes.ini
. Note that in order
for these settings to be used, the Companion version must be 2.0.5 or higher and the IBM Traveler
server must be 8.5.3.2 or higher. If any of these settings are present in the server configuration,
and an Apple iOS device user has not upgraded their Companion application to at least version 2.0.5
from the Apple App store, then the IBM Traveler server will not allow the Companion application to
connect to the server. In this case, the old Companion application will fail with an "Unknown error"
message. The solution is to have the mobile device user upgrade their Companion application from the
App store to the latest available version.Notes®.ini setting name | Values | Description |
---|---|---|
NTS_COMPANION_POLICY |
nountrustedcert
|
Prevents the Companion application from connecting to any server using an untrusted or expired
SSL certificate. If this setting is present and Companion detects an untrusted or expired SSL
certificate, then the Apple device user will receive an error indicating that a connection cannot be
made because of an untrusted server. If this setting is not present, then Companion will warn the
user that an untrusted server was detected, but it will give the user the choice to cancel or
continue with the connection to the IBM Traveler server.
Note: This setting only applies to Traveler
Companion if it connects to the IBM Traveler server using an SSL connection. Non-SSL connections are
supported, but SSL is highly recommended. Note: Traveler Companion 2.0.5 now includes a
setting on the application menus to Allow invalid certificate. If the
nountrustedcert policy has been applied, this setting will be grayed out and cannot
be changed by an end user. |
noexport |
Prevents attachments within encrypted mail from being printed, or exported to or viewed by any third party application on the Apple device. By setting this policy, only attachments that are viewable using Apple built-in viewers can be opened on the Apple device. If this setting is not present, then attachments can be opened by third party applications installed on the Apple device that support this type of attachment. |
NTS_COMPANION_POLICY
can have multiple values
by separating the values with a comma. For example, to include both
of the new options, use the following in notes.ini
:
NTS_COMPANION_POLICY=nountrustedcert,noexport