Zimbra

rickvv · #1 (**permalink**) 10-08-2007, 04:08 PM

(OpenSourceEdition, FC5)
Small Office (50 users), mostly MSIE v7 browser
I have looked in the AdminConsole, and have set my
authToken for 4 days, sessionIdleTimeout for 1 day, trying to get the User's browser to remember the username each day that they come to work.
The browser's not remembering user when they come back after lunch...
Where else would I look to find why username's not being rememebred...
I really don't think that the browsers are clrearing cookies at exit.

Any ideas, please?
thanks,
rick

mmorse · #2 (**permalink**) 10-08-2007, 05:06 PM

Are they just closing the browser window and can't open a new session that's automatically signed-in? (authToken)
OR
Are they hitting logoff and expecting it to remember the username blank later?
/forums/administrators/10627-remember-login.html

rickvv · #3 (**permalink**) 10-08-2007, 05:26 PM

Aaah.
Yes, they've been told to log out. I thought it would remember the username, and then THEY would present the password....

I've been telling the kids to always use the log-off button.
So by properly logging out, the cookies aren't stored. Interesting.
The full 'remember username AND password' concerns me a little in this business, but this will make most of my people happy.

Thanks!
rick

mmorse · #4 (**permalink**) 10-08-2007, 05:35 PM

Then you just set your authToken low

From a security aspect you can control the idle & token, but admins have no way of clearing browser remember blanks, so really this 4.5.x method is more secure; as it avoids even remembering a username and the other functionality is settable.

I wish I could find that RFE, for enabling autofill on that blank for 4.5.x versions (as you want) ... but you may just want to see where this is at after v5 comes out as there's a ton of changes to the login screen anyway & autocomplete=off isn't appended anymore.

Do these as the zimbra user:

To change just the text of "remember me on this computer":
1. cd /opt/zimbra/tomcat/webapps/zimbra/WEB-INF/classes/msg
2. vi ZmMsg.properties and search for 'rememberMe' edit the line or comment this out with a #
3. vi ZhMsg.properties (for the html client) again search for 'rememberMe'
4. tomcat stop/start
Now the checkbox will still be there-so...

To remove check box all together you have 2 options.
1. cd /opt/zimbra/tomcat/webapps/zimbra/js (jetty instead of tomcat in 5.0)
2. gzip -d -S .zgz Ajax_all.js.zgz
3. Search for the following setting: _12e0.showRememberMeCheckbox=true;
4. Change to _12e0.showRememberMeCheckbox=false;
5. Save this File
6. gzip -S .zgz Ajax_all.js
7. tomcat stop/start or a full zmcontrol stop/start
OR
1. cd /opt/zimbra/tomcat/webapps/zimbra/css
2. vi login.css
3. append this line to very top of the file #rememberMe { display: none; }
4.tomcat stop/start

Not prefect for a lab environment, but personally I'm happy with session idle timeout of 1 day (so people can't leave themselves logged in overnight/weekends.) And auth token I usually set to 3 days.

Bug 7958 - Disable "Remember me on this computer" on login screen

Of course everyone will forever inter-mix terms of auto-complete with blank auto-filling & what can be done server side vs browser password remembering etc; it's just one of those things you can't help.
Bug 9253 - Explanation needed for "Remember my Login"