ZCS Administrator Guide 7.2.1
ZCS Administrator Guide 7.2.1
Open Source Edition


Customizing Accounts, Setting General Preferences and Password Rules > Setting Password Policy
Setting Password Policy
If internal authentication is configured for the domain, you can configure ZCS to impose requirements on what type of password a user can create, and to require users to periodically change their passwords.
Important: If Microsoft Active Directory (AD) is used for user authentication, you must disable the Change Password feature in their COS. The AD password policy is not managed by Zimbra.
The password settings that can be configured are listed below.
 
Feature Name
Description
COS/Account Tabs
Minimum/Maximum password length
This specifies the required length of a password. The default minimum length is 6 characters. The default maximum length is 64 characters.
Advanced
Minimum /Maximum password age
Configuring a minimum and maximum password age sets the password expiration date. Users can change their passwords at any time between the minimum and maximum set. They must change it when the maximum password age is reached.
Advanced
The following settings set the rules for what characters are required for a password. Setting these can make users create more complex passwords. Users must use at least the minimum characters set in each of these fields in their password if they are configured. If a settings is 0, the character is not required to create a valid password.
Minimum upper case characters
Upper case A-Z
Advanced
Minimum lower case characters
Lower case a-z
Advanced
Minimum numeric characters
Base 10 digits 0 - 9
Advanced
Minimum punctuation symbols
Non-alphanumeric:
! $ % & ' ( ) * + , - / ; < = > ? [ ] ^ { } ~
 
Advanced
You can set specific punctuation symbols to use in the attribute, zimbraPasswordAllowedPunctuationChars.
zmprov mc <cosname> zimbraPasswordAllowedPunctuationChars [!$%'()*+,-/;<=>?\[\]^{}~]
When this attribute is configured, only these punctuation symbols can be used in passwords.
Password validation using either numbers or punctuation symbols
 
A password validation rule can be configured that requires users to include a minimum number of either numerical characters or punctuation symbols in their passwords. This is configured from the CLI.
zmprov mc <cosname> zimbraPasswordMinDigitsOrPuncs [X]
When this is set, passwords must include at least the number of digits or the number of punctuation symbols specified in addition to any other configured minimum requirements.
From the CLI
Minimum number of unique passwords history
Number of unique new passwords that a user must create before he can reuse an old password.
Advanced
Password locked
Users cannot change their passwords.This should be set if authentication is external.
Advanced
Must change password
When a user logs in, he is required to change his password.
General Information
Change password
When this is enabled, users can change their password at any time within the password age settings from their account Preferences tab.
Features
Copyright © 2012 VMware Inc.