Domino supports Internet password lockout, which is meanwhile working for all internet protocols (it came in thru a fix I think somewhere in the 8.5.x code stream and isn't really documented). This does already help to protect individual accounts. But it doesn't currently help for the same IP trying to hack different accounts.

This morning got up early and took another look into Astra Linux. First of all I did another install without GUI to see how things would work with a server that is comparable to a CentOS minimum install. The installation was very smooth and straight forward even on command-line. The only part I had to setup manually was the network configuration and I had to install the SSH server (apt install openssh-server). That was the base for my installation.

Thomas and me are working on the Domino on Docker project which has been around for a while. We are constantly updating it with more functionality. Beside the main functionality of providing an automated installation we have a management script that can help to build custom Domino docker images for (e.g.) including applications.

For the Docker project I looked into cross certifying IDs via C-API and the Lotus Script/Notes Java classes. It turned out that this only works well for safe.ids. The information from the ID files which is needed for cross certification requires to open the Notes.ID. In Lotus Script/Java in a client you are prompted for the password.