Passwords

[LowWalker]

Is it possible for to view end users passwords, now a days with so many connections to one mail box it really sucks to have to reset it to something that could already be just verified.

Zimbra 5.0.14 on Centos 5.3

[phoenix]

Quote:

Originally Posted by LowWalker

Is it possible for to view end users passwords,...

No, of course you can't, they're encrypted for security.

[LowWalker]

I mean on server side, I guess I will just have to keep side documentation

But you know what I mean? Blackberry, home PC, work PC, laptop etc...

Almost all users have at least 2 connections set and supporting your end users can get "fun".

[uxbod]

Why not authenticate against a single source then ?

[LowWalker]

I do want it to auth against a single source. But I also will be doing the end user support for this, so if they "forget" there password, I would rather be able to see it and tell them. If not, I now have to reset it, and have all their connection methods setup with the new password. Just time consuming and a drain. I will just keep a spreadsheet on the side

[Jbrabander]

If they authenticate against a single source, shouldn't you only have to reset 1 password? What else would you have to be resetting? Sure, the user's other connections will ask for the new password, but that's up to them to enter.

[iway]

What he means is, you have to enter a newly issued password on many devices (iPhone, Outlook, Mac, Connectors, ...).

[LowWalker]

Quote:

Originally Posted by interways

What he means is, you have to enter a newly issued password on many devices (iPhone, Outlook, Mac, Connectors, ...).

Yeaaaah! If I give them the option to change their password, thats fine... if I can see it so when they mess up their account, break their blackberry or whatever other 100 things that happen I can be prepared to tell them what it is.

Effectively allowing me to only help them setup access on device, instead of all.

[dustys]

I'll just add my 2 cents, take it or leave it. I completely understand where you are coming from with this, as it has caused me issues while supporting users. But, passwords aren't encrypted ONLY for technical security.

I've dealt with this question many time and the major reason that I refuse to know user's passwords is from a liability standpoint. If there is a way that I can figure out a user's password, I can 'masquerade' as that user. If there isn't a way to figure the password out (i.e. hashing), then if a user performs an action, I have a level of recourse (non-repudiation), as they are suppose to be the only one who knows the password to the account.

Not to mention, how do you securely store all of your user's passwords. I know this isn't a big challenge for some, but I've seen more than a few "secret notebooks" or massive spreadsheets.

Once again, I'm not stating this to be a jerk. Just some background...

Cheers,
Dusty

[LowWalker]

I understand the risk, but if you have had to support end users... you get what I mean. I suppose I couldnt encrypt a USB flash drive with the file and keep it on my key chain if audit time rolls around

Also I am new admin to zimbra, are there any extensions that are good for server or user monitoring besides whats in the package?