Is it possible for to view end users passwords, now a days with so many connections to one mail box it really sucks to have to reset it to something that could already be just verified.
Zimbra 5.0.14 on Centos 5.3
- Zimbra Collaboration 8.6 Patch 9 now available (includes fix for CVE-2017-8802). Read the announcement.
- Zimbra Collaboration 8.8.7 + Zimbra Connector for Outlook 8.8.7 are available.. Read the announcement.
- Are you a Zimbra Developer? You can find some interesting stuff in our Official GitHub: https://github.com/Zimbra and check the Community Projects too: https://github.com/Zimbra-Community/
Passwords
Passwords
[quote user="LowWalker"]Is it possible for to view end users passwords,...[/QUOTE]No, of course you can't, they're encrypted for security.
Regards
Bill
Rspamd: A high performance spamassassin replacement
If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
Bill
Rspamd: A high performance spamassassin replacement
If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
Passwords
I mean on server side, I guess I will just have to keep side documentation :(
But you know what I mean? Blackberry, home PC, work PC, laptop etc...
Almost all users have at least 2 connections set and supporting your end users can get "fun".
But you know what I mean? Blackberry, home PC, work PC, laptop etc...
Almost all users have at least 2 connections set and supporting your end users can get "fun".
Passwords
Why not authenticate against a single source then ?
Passwords
I do want it to auth against a single source. But I also will be doing the end user support for this, so if they "forget" there password, I would rather be able to see it and tell them. If not, I now have to reset it, and have all their connection methods setup with the new password. Just time consuming and a drain. I will just keep a spreadsheet on the side :)
-
- Outstanding Member
- Posts: 315
- Joined: Fri Sep 12, 2014 11:31 pm
Passwords
If they authenticate against a single source, shouldn't you only have to reset 1 password? What else would you have to be resetting? Sure, the user's other connections will ask for the new password, but that's up to them to enter.
Passwords
What he means is, you have to enter a newly issued password on many devices (iPhone, Outlook, Mac, Connectors, ...).
Passwords
[quote]What he means is, you have to enter a newly issued password on many devices (iPhone, Outlook, Mac, Connectors, ...).[/QUOTE]
Yeaaaah! If I give them the option to change their password, thats fine... if I can see it so when they mess up their account, break their blackberry or whatever other 100 things that happen I can be prepared to tell them what it is.
Effectively allowing me to only help them setup access on device, instead of all.
Yeaaaah! If I give them the option to change their password, thats fine... if I can see it so when they mess up their account, break their blackberry or whatever other 100 things that happen I can be prepared to tell them what it is.
Effectively allowing me to only help them setup access on device, instead of all.
Passwords
I'll just add my 2 cents, take it or leave it. I completely understand where you are coming from with this, as it has caused me issues while supporting users. But, passwords aren't encrypted ONLY for technical security.
I've dealt with this question many time and the major reason that I refuse to know user's passwords is from a liability standpoint. If there is a way that I can figure out a user's password, I can 'masquerade' as that user. If there isn't a way to figure the password out (i.e. hashing), then if a user performs an action, I have a level of recourse (non-repudiation), as they are suppose to be the only one who knows the password to the account.
Not to mention, how do you securely store all of your user's passwords. I know this isn't a big challenge for some, but I've seen more than a few "secret notebooks" or massive spreadsheets. :)
Once again, I'm not stating this to be a jerk. Just some background... :o
Cheers,
Dusty
I've dealt with this question many time and the major reason that I refuse to know user's passwords is from a liability standpoint. If there is a way that I can figure out a user's password, I can 'masquerade' as that user. If there isn't a way to figure the password out (i.e. hashing), then if a user performs an action, I have a level of recourse (non-repudiation), as they are suppose to be the only one who knows the password to the account.
Not to mention, how do you securely store all of your user's passwords. I know this isn't a big challenge for some, but I've seen more than a few "secret notebooks" or massive spreadsheets. :)
Once again, I'm not stating this to be a jerk. Just some background... :o
Cheers,
Dusty
Passwords
I understand the risk, but if you have had to support end users... you get what I mean. I suppose I couldnt encrypt a USB flash drive with the file and keep it on my key chain if audit time rolls around :)
Also I am new admin to zimbra, are there any extensions that are good for server or user monitoring besides whats in the package?
Also I am new admin to zimbra, are there any extensions that are good for server or user monitoring besides whats in the package?
Who is online
Users browsing this forum: L. Mark Stone and 22 guests