zimbra desktop + no security = login/passwords cleartext over network?

General discussion about Zimbra Desktop.
BloodyIron
Advanced member
Advanced member
Posts: 67
Joined: Sat Sep 13, 2014 2:58 am
Contact:

zimbra desktop + no security = login/passwords cleartext over network?

Postby BloodyIron » Thu Aug 29, 2013 10:59 am

Zimbra Desktop does not accept our self-signed certs inherently, so a proposed solution in our environment is just not using a secure connection.
Does anyone know if this means the login/password are transmitted in clear or readable text at all when authenticating?


phoenix
Ambassador
Ambassador
Posts: 26617
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

zimbra desktop + no security = login/passwords cleartext over network?

Postby phoenix » Thu Aug 29, 2013 11:30 am

[quote user="BloodyIron"]Zimbra Desktop does not accept our self-signed certs inherently, so a proposed solution in our environment is just not using a secure connection.[/QUOTE]Why doesn't it accept the certificate, there is an option to accept self-signed certificates - are you saying that doesn't work?
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
BloodyIron
Advanced member
Advanced member
Posts: 67
Joined: Sat Sep 13, 2014 2:58 am
Contact:

zimbra desktop + no security = login/passwords cleartext over network?

Postby BloodyIron » Thu Aug 29, 2013 11:57 am

I only know of this setting through a config file change, not a GUI option. Am I missing it? So far though the setting via the config file has not reliably worked, but I haven't rigorously tested it.
phoenix
Ambassador
Ambassador
Posts: 26617
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

zimbra desktop + no security = login/passwords cleartext over network?

Postby phoenix » Thu Aug 29, 2013 12:21 pm

When you connect to an account that has a self-signed certificate it gives you the option to accept it on the setup page for that account, have you not seen that option?
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
BloodyIron
Advanced member
Advanced member
Posts: 67
Joined: Sat Sep 13, 2014 2:58 am
Contact:

zimbra desktop + no security = login/passwords cleartext over network?

Postby BloodyIron » Thu Aug 29, 2013 12:33 pm

For the Zimbra Desktop 7.2.2 client it just says Invalid or Untrusted certificate, and lets me see the error. I am not presented with a way to trust the certificate.
phoenix
Ambassador
Ambassador
Posts: 26617
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

zimbra desktop + no security = login/passwords cleartext over network?

Postby phoenix » Thu Aug 29, 2013 1:36 pm

[quote user="BloodyIron"]I am not presented with a way to trust the certificate.[/QUOTE]I'm not at my machine at the moment but if I remember correctly, the error that you see should have an option to accept the untrusted certificate - I've used it often enough to know it exists.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
BloodyIron
Advanced member
Advanced member
Posts: 67
Joined: Sat Sep 13, 2014 2:58 am
Contact:

zimbra desktop + no security = login/passwords cleartext over network?

Postby BloodyIron » Thu Aug 29, 2013 2:58 pm

Hmm, yes the green button does turn into "Accept". Not sure how I missed that.
I recall now though that my earlier issue I was having that Zimbra Desktop was not actually getting any data from the server at all. It was just erroring out, but now it is getting data. While that may not be very much information, do you know of any scenarios where this may happen? It would have a Red X beside inbox when Zimbra logged in, after trying to sync of course.

Return to “General Questions”

Who is online

Users browsing this forum: No registered users and 4 guests