Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| public:passwd_change [2023-02-14 16:29] – vesely | public:passwd_change [2023-02-14 16:41] – vesely | ||
|---|---|---|---|
| Line 12: | Line 12: | ||
| ==== for Domain account [D] ==== | ==== for Domain account [D] ==== | ||
| + | |||
| + | {{: | ||
| //Username is usualy in the format **nsurname** | //Username is usualy in the format **nsurname** | ||
| Line 25: | Line 27: | ||
| ==== Email Accounts Passwords ==== | ==== Email Accounts Passwords ==== | ||
| + | |||
| + | {{: | ||
| === for Zimbra email Exchange [X] === | === for Zimbra email Exchange [X] === | ||
| + | |||
| + | {{: | ||
| [[https:// | [[https:// | ||
| Line 41: | Line 47: | ||
| === for Zimbra Archive [A] === | === for Zimbra Archive [A] === | ||
| + | |||
| + | {{: | ||
| [[https:// | [[https:// | ||
| Line 52: | Line 60: | ||
| </ | </ | ||
| - | === | + | |
| + | ---- | ||
| + | |||
| + | ===== MORE DETAILED INFORMATION | ||
| + | |||
| + | ==== Locking the account and mailbox ==== | ||
| + | |||
| + | Account is temporarily locked after several unsuccessful logon attempts with wrong password to avoid abuse and brute force password breaking. \\ | ||
| + | There are three significant parameters of this feature: | ||
| + | |||
| + | * permissible number of failed attempts; | ||
| + | * time window of fails; | ||
| + | * timeout of unlocking. | ||
| + | |||
| + | The account is locked if the number of allowed fails is exceeded. Failed attempts are counted during the time window. If logon attempts with wrong password stop, the counter is reset after the time window is over. If the account is locked, after the quarantine time it is unlocked again. \\ \\ | ||
| + | <WRAP round center box important 60%> | ||
| + | |||
| + | Smartphones usually use remembered password repeatedly regardless of its validity. Than you can easily lock the mailbox unintentionally.</ | ||
| + | |||
| + | ==== Threshold parameters - Active Directory ==== | ||
| + | |||
| + | The Active Directory (shortly AD) serves as authentication authority for local network shares, desktop login, internal web pages, CEIS, CMS, Reporting etc. \\ \\ | ||
| + | Account lockout duration: **3 minutes** \\ | ||
| + | Account lockout threshold: **7 invalid logon attempts** \\ | ||
| + | Account lockout counter reset: **after 3 minutes** | ||
| + | |||
| + | ==== Threshold parameters - Zimbra mailer ==== | ||
| + | |||
| + | Number of consecutive failed logons allowed: **10** \\ | ||
| + | Time to lockout the account: **30 minutes** \\ | ||
| + | Time window in which the failed logons must occur to lock the account: **1 hour** \\ \\ | ||
| + | Although the AD account is locked earlier, it is also quickly unlocked. If the attack over the mailer persists, the lock on the mailer is activated for a longer period and produces no new lock of the AD account. | ||
| ===== FACTS / HINTS ===== | ===== FACTS / HINTS ===== | ||
| Line 78: | Line 118: | ||
| * **Check/ | * **Check/ | ||
| * **Email client usually requires both IMAP (incoming) and SMTP (outgoing) passwords to be set** | * **Email client usually requires both IMAP (incoming) and SMTP (outgoing) passwords to be set** | ||
| - | ===== MORE DETAILED INFORMATION ===== | ||
| - | **Locking the account and mailbox** \\ \\ | ||
| - | Account is temporarily locked after several unsuccessful logon attempts with wrong password to avoid abuse and brute force password breaking. \\ | ||
| - | There are three significant parameters of this feature: | ||
| - | |||
| - | * permissible number of failed attempts; | ||
| - | * time window of fails; | ||
| - | * timeout of unlocking. | ||
| - | |||
| - | The account is locked if the number of allowed fails is exceeded. Failed attempts are counted during the time window. If logon attempts with wrong password stop, the counter is reset after the time window is over. If the account is locked, after the quarantine time it is unlocked again. \\ \\ | ||
| - | <WRAP round center box important 60%> | ||
| - | |||
| - | Smartphones usually use remembered password repeatedly regardless of its validity. Than you can easily lock the mailbox unintentionally.</ | ||
| - | |||
| - | __**Threshold parameters - Active Directory**__ | ||
| - | The Active Directory (shortly AD) serves as authentication authority for local network shares, desktop login, internal web pages, CEIS, CMS, Reporting etc. \\ \\ | ||
| - | Account lockout duration: **3 minutes** \\ | ||
| - | Account lockout threshold: **7 invalid logon attempts** \\ | ||
| - | Account lockout counter reset: **after 3 minutes** \\ \\ __**Threshold parameters - Zimbra mailer**__ | ||
| - | Number of consecutive failed logons allowed: **10** \\ | ||
| - | Time to lockout the account: **30 minutes** \\ | ||
| - | Time window in which the failed logons must occur to lock the account: **1 hour** \\ \\ | ||
| - | Although the AD account is locked earlier, it is also quickly unlocked. If the attack over the mailer persists, the lock on the mailer is activated for a longer period and produces no new lock of the AD account. | ||
| ===== Links ===== | ===== Links ===== | ||