Results 1 to 4 of 4

Thread: Keep Zimbra access, lock user on system

  1. #1
    gdseas is offline Junior Member
    Join Date
    Jun 2012
    Location
    USA
    Posts
    8
    Rep Power
    3

    Default Keep Zimbra access, lock user on system

    Hello,

    I am having a strange problem. Our company's security policy requires me to lock user accounts if they don't use interactive (ex. SSH) access to the server. But the users should maintain access to their Zimbra-based IMAP mail.

    Is there a way to lock the user account but allow the user to have access to their email via the web interface and desktop mail client?

    Thank you,
    Greg

  2. #2
    Crayz9000 is online now Senior Member
    Join Date
    Feb 2012
    Location
    Las Vegas
    Posts
    65
    Rep Power
    3

    Default

    Since I'm guessing you're using external authentication for Zimbra...

    The only thing I can think of would be to lock the Unix accounts by setting their shell to something like /bin/false, which will prevent them from any remote or local logins. Since Zimbra doesn't care about what shell they use, that should work fine.
    Release 8.0.7.GA.6021.UBUNTU12.64 FOSS Edition

  3. #3
    gdseas is offline Junior Member
    Join Date
    Jun 2012
    Location
    USA
    Posts
    8
    Rep Power
    3

    Default

    Quote Originally Posted by gdseas View Post
    Hello,

    I am having a strange problem. Our company's security policy requires me to lock user accounts if they don't use interactive (ex. SSH) access to the server. But the users should maintain access to their Zimbra-based IMAP mail.

    Is there a way to lock the user account but allow the user to have access to their email via the web interface and desktop mail client?

    Thank you,
    Greg
    Worked like a charm! Thank you! Yes, this solved my problem.

    Warm regards,

  4. #4
    bofh is offline Elite Member
    Join Date
    May 2010
    Posts
    272
    Rep Power
    5

    Default

    Quote Originally Posted by gdseas View Post
    Worked like a charm! Thank you! Yes, this solved my problem.

    Warm regards,
    Yes setting the shell is a quick dirty fix
    but if you do so please /bin/nologin if availble - bin/false i remeber some issues with that (dont ask me what exactly too long ago i dropped it ))

    in addition - i would really think - if those policies are so thight - to real tighen up the security there.
    ssh access directly isnt the finest thing.

    for example you could allow ssh opnly by vpn (like openvpn) and deny access to ssh already on that layer
    theres a lot possible with openvpn cause is fully scriptable (you could even authenticate passwords and logins from the zimbra server or another ldap and bin em to the certificate )

    but serisously why not using zimbra s auth plattform (or another ldap) there you can specify if user should have access to what service.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Hacking attempts lock out user
    By rusty in forum Administrators
    Replies: 11
    Last Post: 05-21-2012, 01:59 PM
  2. Fetch user information from Zimbra access.log
    By saroj.cs in forum Administrators
    Replies: 0
    Last Post: 01-11-2012, 03:19 AM
  3. Obtaining zimbra user command line access in the ZCA
    By zelthian in forum Virtualization
    Replies: 1
    Last Post: 06-15-2011, 01:03 PM
  4. Why zimbra user access web admin on 7071?
    By get2guy in forum Administrators
    Replies: 1
    Last Post: 05-23-2011, 01:50 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •