Results 1 to 6 of 6

Thread: Show zimbra password policy when entering a new password

  1. #1
    tperrin is offline Junior Member
    Join Date
    Aug 2008
    Location
    Paris, France
    Posts
    9
    Rep Power
    7

    Default Show zimbra password policy when entering a new password

    Hi everyone,

    I was asking myself :

    Is it possible to show the password policy when a user is asked to change his password ?

    For example I have set a CoS in which I make my users change their password every 60 days, and each new password require an upper case, a lower case, a numeric, and 7 letters min.

    As my users easily forget thier minds, when they're asked to change, they never remember the policy...

    Is it possible to show it on the "Change your password / login" page ?

    Thanks

    Thibaut

  2. #2
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Please vote for Bug 27194 - Bad error message when password too short and add that it would be useful if the password policy was shown to the user.

  3. #3
    tperrin is offline Junior Member
    Join Date
    Aug 2008
    Location
    Paris, France
    Posts
    9
    Rep Power
    7

    Default

    Hi

    Thanks for your guidance !

    Regards,

    Thibaut

  4. #4
    Dirk's Avatar
    Dirk is offline Moderator
    Join Date
    May 2006
    Location
    England.
    Posts
    927
    Rep Power
    10

    Default

    I've thought about this one a number of times in the past, mainly when I'm frustrated by having to explain to the staff for the umpteenth time that their password needs upper and lower case and at least one number.

    The problem though, is that if that information is displayed on the logon page, then it makes brute forcing the passwords a lot simpler.

    If the login screen tells you that the password needs to be at least 8 chars long, then you know you dont need to brute force anything below this.

    Of course, that's all moot if you have account lockout policies set, which pretty much removes the ability to brute force an account.

    I dont know the answer to this one, but I think the client currently gives no information about the policy for security reasons.

  5. #5
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    How about when you set a expiration within a CoS it would email the user a predetermined number of days before explaining that the password will expire and what the policy for it is ? Most of this information should be available via zmprov/SOAP so could be performed outside of the Admin GUI aswell.

  6. #6
    tperrin is offline Junior Member
    Join Date
    Aug 2008
    Location
    Paris, France
    Posts
    9
    Rep Power
    7

    Default

    Maybe you should add this suggestion in the bugzilla ?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Zimbra logwatch.
    By nishith in forum Administrators
    Replies: 5
    Last Post: 06-10-2009, 04:42 PM
  2. Zimbra spam system
    By rajahd in forum Administrators
    Replies: 9
    Last Post: 04-16-2008, 07:25 PM
  3. Replies: 12
    Last Post: 02-24-2008, 12:16 AM
  4. Major Issue - 5.0RC2 NE to 5.0GA NE failed
    By DougWare in forum Installation
    Replies: 7
    Last Post: 01-06-2008, 09:56 PM
  5. Replies: 8
    Last Post: 02-27-2007, 04:10 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •