Results 1 to 10 of 10

Thread: Passwords

  1. #1
    LowWalker is offline Junior Member
    Join Date
    Aug 2008
    Posts
    9
    Rep Power
    6

    Default Passwords

    Is it possible for to view end users passwords, now a days with so many connections to one mail box it really sucks to have to reset it to something that could already be just verified.

    Zimbra 5.0.14 on Centos 5.3

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,504
    Rep Power
    57

    Default

    Quote Originally Posted by LowWalker View Post
    Is it possible for to view end users passwords,...
    No, of course you can't, they're encrypted for security.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    LowWalker is offline Junior Member
    Join Date
    Aug 2008
    Posts
    9
    Rep Power
    6

    Default

    I mean on server side, I guess I will just have to keep side documentation

    But you know what I mean? Blackberry, home PC, work PC, laptop etc...

    Almost all users have at least 2 connections set and supporting your end users can get "fun".

  4. #4
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Why not authenticate against a single source then ?

  5. #5
    LowWalker is offline Junior Member
    Join Date
    Aug 2008
    Posts
    9
    Rep Power
    6

    Default

    I do want it to auth against a single source. But I also will be doing the end user support for this, so if they "forget" there password, I would rather be able to see it and tell them. If not, I now have to reset it, and have all their connection methods setup with the new password. Just time consuming and a drain. I will just keep a spreadsheet on the side

  6. #6
    Jbrabander's Avatar
    Jbrabander is offline Elite Member
    Join Date
    May 2008
    Location
    Park City, KS
    Posts
    342
    Rep Power
    7

    Default

    If they authenticate against a single source, shouldn't you only have to reset 1 password? What else would you have to be resetting? Sure, the user's other connections will ask for the new password, but that's up to them to enter.

  7. #7
    iway is offline Partner (VAR/HSP)
    Join Date
    May 2008
    Posts
    432
    Rep Power
    7

    Default

    What he means is, you have to enter a newly issued password on many devices (iPhone, Outlook, Mac, Connectors, ...).

  8. #8
    LowWalker is offline Junior Member
    Join Date
    Aug 2008
    Posts
    9
    Rep Power
    6

    Default

    Quote Originally Posted by interways View Post
    What he means is, you have to enter a newly issued password on many devices (iPhone, Outlook, Mac, Connectors, ...).
    Yeaaaah! If I give them the option to change their password, thats fine... if I can see it so when they mess up their account, break their blackberry or whatever other 100 things that happen I can be prepared to tell them what it is.

    Effectively allowing me to only help them setup access on device, instead of all.

  9. #9
    dustys is offline Partner (VAR/HSP)
    Join Date
    Feb 2007
    Location
    Sioux Falls, SD
    Posts
    67
    Rep Power
    8

    Default

    I'll just add my 2 cents, take it or leave it. I completely understand where you are coming from with this, as it has caused me issues while supporting users. But, passwords aren't encrypted ONLY for technical security.

    I've dealt with this question many time and the major reason that I refuse to know user's passwords is from a liability standpoint. If there is a way that I can figure out a user's password, I can 'masquerade' as that user. If there isn't a way to figure the password out (i.e. hashing), then if a user performs an action, I have a level of recourse (non-repudiation), as they are suppose to be the only one who knows the password to the account.

    Not to mention, how do you securely store all of your user's passwords. I know this isn't a big challenge for some, but I've seen more than a few "secret notebooks" or massive spreadsheets.

    Once again, I'm not stating this to be a jerk. Just some background...

    Cheers,
    Dusty
    CoSentry - www.cosentry.com - Co-Location & Business Resiliency Solutions

  10. #10
    LowWalker is offline Junior Member
    Join Date
    Aug 2008
    Posts
    9
    Rep Power
    6

    Default

    I understand the risk, but if you have had to support end users... you get what I mean. I suppose I couldnt encrypt a USB flash drive with the file and keep it on my key chain if audit time rolls around

    Also I am new admin to zimbra, are there any extensions that are good for server or user monitoring besides whats in the package?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Removing local passwords
    By tslattery in forum Administrators
    Replies: 3
    Last Post: 10-12-2008, 09:33 PM
  2. Domain Administrators passwords
    By Vladimir in forum Administrators
    Replies: 0
    Last Post: 10-04-2007, 01:06 PM
  3. Migrating users with imapsync... without passwords?
    By misleb in forum Installation
    Replies: 6
    Last Post: 08-12-2007, 08:03 AM
  4. Migrating Accounts from LDAP with {crypt} Passwords
    By shanson in forum Administrators
    Replies: 3
    Last Post: 03-11-2006, 04:09 PM
  5. Migrating Accounts from LDAP with Encrypted Passwords
    By andreychek in forum Administrators
    Replies: 3
    Last Post: 12-16-2005, 03:40 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •