ZCS Administrator's Guide 8.0.4
ZCS Administrator's Guide 8.0.4
Network Edition


Class of Services for Accounts > Managing Passwords

Managing Passwords
If you use internal authentication, you can quickly change an account's password from the Account’s toolbar. The user must be told the new password to log on.
Important: If Microsoft Active Directory (AD) is used for user authentication, you must disable the Change Password feature in the COS. The AD password policy is not managed by Zimbra.
If you want to make sure users change a password that you create, you can enable Must Change Password for the account. The user must change the password the next time he logs on.
Password restrictions can be set either at the COS level or at the account level. You can configure settings to require users to create strong passwords and change their passwords regularly, and you can set the parameters to lock out accounts when incorrect passwords are entered.
Direct Users to Your Change Password Page
If your ZWC authentication is configured as external auth, you can configure ZCS to direct users to your password change page when users change their passwords. You can either set this URL as a global setting or a per domain setting.
Set the zimbraChangePasswordURL attribute to the URL of your password change page. In ZWC. Change Password in Preferences > General links to this URL, and when passwords expire, users are sent to this page.
This is changed from the zmprov CLI. For domains, type
zmprov md exampledomain.com zimbraChangePasswordURL http://www.mysite.com
Configure a Password Policy
If internal authentication is configured for the domain, you can require users to create strong passwords to guard against simple password harvest attacks Users can be locked out of their accounts if they fail to sign in after the maximum number of attempts configured.
The password settings that can be configured are listed below.
Copyright © 2013 VMware Inc.