Passwords

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
LowWalker
Posts: 9
Joined: Fri Sep 12, 2014 11:45 pm

Passwords

Postby LowWalker » Fri May 15, 2009 8:02 am

Is it possible for to view end users passwords, now a days with so many connections to one mail box it really sucks to have to reset it to something that could already be just verified.
Zimbra 5.0.14 on Centos 5.3


phoenix
Ambassador
Ambassador
Posts: 26344
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Passwords

Postby phoenix » Fri May 15, 2009 8:07 am

[quote user="LowWalker"]Is it possible for to view end users passwords,...[/QUOTE]No, of course you can't, they're encrypted for security.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
LowWalker
Posts: 9
Joined: Fri Sep 12, 2014 11:45 pm

Passwords

Postby LowWalker » Fri May 15, 2009 8:18 am

I mean on server side, I guess I will just have to keep side documentation :(
But you know what I mean? Blackberry, home PC, work PC, laptop etc...
Almost all users have at least 2 connections set and supporting your end users can get "fun".
uxbod
Ambassador
Ambassador
Posts: 7811
Joined: Fri Sep 12, 2014 10:21 pm

Passwords

Postby uxbod » Fri May 15, 2009 8:44 am

Why not authenticate against a single source then ?
LowWalker
Posts: 9
Joined: Fri Sep 12, 2014 11:45 pm

Passwords

Postby LowWalker » Tue May 19, 2009 9:05 am

I do want it to auth against a single source. But I also will be doing the end user support for this, so if they "forget" there password, I would rather be able to see it and tell them. If not, I now have to reset it, and have all their connection methods setup with the new password. Just time consuming and a drain. I will just keep a spreadsheet on the side :)
Jbrabander
Outstanding Member
Outstanding Member
Posts: 315
Joined: Fri Sep 12, 2014 11:31 pm

Passwords

Postby Jbrabander » Tue May 19, 2009 10:10 am

If they authenticate against a single source, shouldn't you only have to reset 1 password? What else would you have to be resetting? Sure, the user's other connections will ask for the new password, but that's up to them to enter.
iway
Outstanding Member
Outstanding Member
Posts: 425
Joined: Fri Sep 12, 2014 11:31 pm

Passwords

Postby iway » Tue May 19, 2009 12:07 pm

What he means is, you have to enter a newly issued password on many devices (iPhone, Outlook, Mac, Connectors, ...).
LowWalker
Posts: 9
Joined: Fri Sep 12, 2014 11:45 pm

Passwords

Postby LowWalker » Tue May 19, 2009 1:47 pm

[quote]What he means is, you have to enter a newly issued password on many devices (iPhone, Outlook, Mac, Connectors, ...).[/QUOTE]
Yeaaaah! If I give them the option to change their password, thats fine... if I can see it so when they mess up their account, break their blackberry or whatever other 100 things that happen I can be prepared to tell them what it is.
Effectively allowing me to only help them setup access on device, instead of all.
dustys
Advanced member
Advanced member
Posts: 67
Joined: Fri Sep 12, 2014 10:25 pm

Passwords

Postby dustys » Tue May 19, 2009 9:57 pm

I'll just add my 2 cents, take it or leave it. I completely understand where you are coming from with this, as it has caused me issues while supporting users. But, passwords aren't encrypted ONLY for technical security.
I've dealt with this question many time and the major reason that I refuse to know user's passwords is from a liability standpoint. If there is a way that I can figure out a user's password, I can 'masquerade' as that user. If there isn't a way to figure the password out (i.e. hashing), then if a user performs an action, I have a level of recourse (non-repudiation), as they are suppose to be the only one who knows the password to the account.
Not to mention, how do you securely store all of your user's passwords. I know this isn't a big challenge for some, but I've seen more than a few "secret notebooks" or massive spreadsheets. :)
Once again, I'm not stating this to be a jerk. Just some background... :o
Cheers,

Dusty
LowWalker
Posts: 9
Joined: Fri Sep 12, 2014 11:45 pm

Passwords

Postby LowWalker » Wed May 20, 2009 7:36 am

I understand the risk, but if you have had to support end users... you get what I mean. I suppose I couldnt encrypt a USB flash drive with the file and keep it on my key chain if audit time rolls around :)
Also I am new admin to zimbra, are there any extensions that are good for server or user monitoring besides whats in the package?

Return to “Administrators”

Who is online

Users browsing this forum: L. Mark Stone and 22 guests