  #1 (permalink)  
Old 03-30-2010, 05:37 AM
mek
Active Member
 
Posts: 45
Default Web Client Login Security

This relates to the fact that my company has a lot of remote workers. Security concerns have been raised around someone just going into a business centre at a hotel and then leaving themselves logged into Zimbra with the web client in the history. These types of users are unlikely to respond to training in this area and as long as the window is open for people to be able to do this, it's going to be a problem.

I have it set so that if someone tries to browse away or close the browser they will receive the warning so they can log out.

What I'm wondering is does anyone else have another way to deal with this problem? I would put the server on the VPN so that you have to access it that way but that's going to create problems with those picking up mail with cellphones. The same applies to just allowing access for IP ranges or MAC addresses.

Any thoughts welcomed. The only one I have so far is Mojopac
Reply With Quote
  #2 (permalink)  
Old 03-30-2010, 07:39 AM
Moderator
 
Posts: 1,554
Default

Why not set the zimbraMailIdleSessionTimeout for your users?
Reply With Quote
  #3 (permalink)  
Old 03-30-2010, 07:43 AM
mek
Active Member
 
Posts: 45
Default

I thought about this also, the default is 2 days I believe?

The only issue I could think of here would be that it would be pretty annoying if you use the Web Client as your main interface and it's constantly expiring your session.

There is perhaps a happy medium in there though, thanks a lot for your input.
Reply With Quote
  #4 (permalink)  
Old 03-30-2010, 07:54 AM
Moderator
 
Posts: 7,928
Default

Well you have got me thinking about this ... perhaps another approach would be to check the active sessions and if you know somebody should not be logged in at a certain time you could flag it. You can get a list of them using
Code:
su - zimbra
zmsoap -z -t admin GetSessionsRequest @type=soap
Reply With Quote
  #5 (permalink)  
Old 03-30-2010, 08:01 AM
mek
Active Member
 
Posts: 45
Default

That sounds like a lot of overhead to have to keep checking on that though. With a lot of people in a lot of different countries it's going to be a nightmare to know when people are supposed to be logged on or not.

Doesn't that command only apply to admin users? I'm talking about the standard users here, the admins are no problem
Reply With Quote
  #6 (permalink)  
Old 03-30-2010, 08:04 AM
Moderator
 
Posts: 7,928
Default

The 'admin' means you are making a call to the Admin SOAP interface to get the details. I was just thinking whether there was a way to capture sessions that have been logged in for a long time and disconnect them automatically.
Reply With Quote
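One way to do the check floated in posts #4 and #6, as an added example that is not part of the original thread: parse the output of the GetSessionsRequest call and flag sessions by idle time or age. The `<s>` element with `name`, `sid`, `cd` and `ld` attributes (epoch milliseconds) is an assumed response layout, the thresholds are arbitrary, and the sample data is constructed.

```python
import sys
import time
import xml.etree.ElementTree as ET

# Constructed sample shaped like a GetSessionsResponse (assumed layout:
# one <s> per session, cd = created, ld = last accessed, both epoch ms).
SAMPLE = """<GetSessionsResponse xmlns="urn:zimbraAdmin" more="0" total="3">
  <s zid="id-1" name="alice@example.com" sid="101" cd="1269940000000" ld="1269946000000"/>
  <s zid="id-2" name="bob@example.com" sid="102" cd="1269700000000" ld="1269949900000"/>
  <s zid="id-3" name="carol@example.com" sid="103" cd="1269949000000" ld="1269949950000"/>
</GetSessionsResponse>"""


def stale_sessions(xml_text, now_ms, max_idle_s=1800, max_age_s=43200):
    """Return sessions idle longer than max_idle_s or older than max_age_s."""
    flagged = []
    for el in ET.fromstring(xml_text).iter():
        # Drop the "{urn:zimbraAdmin}" prefix ElementTree puts on tag names.
        if el.tag.rsplit("}", 1)[-1] != "s":
            continue
        try:
            created, last = int(el.get("cd")), int(el.get("ld"))
        except (TypeError, ValueError):
            continue  # skip entries without usable timestamps
        idle_s = (now_ms - last) // 1000
        age_s = (now_ms - created) // 1000
        reasons = []
        if idle_s > max_idle_s:
            reasons.append("idle")
        if age_s > max_age_s:
            reasons.append("age")
        if reasons:
            flagged.append({"name": el.get("name"), "sid": el.get("sid"),
                            "idle_s": idle_s, "age_s": age_s, "why": reasons})
    return flagged


if __name__ == "__main__":
    # Pipe the zmsoap output in, or run with no input to see the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    now = 1269950000000 if text is SAMPLE else int(time.time() * 1000)
    for s in stale_sessions(text, now):
        print("%(name)s sid=%(sid)s idle=%(idle_s)ss age=%(age_s)ss %(why)s" % s)
```

It only reports; ending idle sessions is what the `zimbraMailIdleSessionTimeout` setting from post #2 is for.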
  #7 (permalink)  
Old 03-30-2010, 08:13 AM
mek
Active Member
 
Posts: 45
Default

Ah alright. Thanks
Reply With Quote