

How to Configure a Secure Password Policy on Zimbra

Are you trying to configure a secure password policy on Zimbra?

This guide will help you through it.

By default, Zimbra does not enforce any strong password requirements for user accounts. This puts accounts at risk of being compromised and ultimately used for spamming.
As part of our Server Management Services here at Ibmi Media, we regularly help our customers perform software installation tasks.


Now let us see the steps to set a secure password policy on Zimbra.

How to configure a Secure Password Policy on Zimbra?

For a Zimbra server in production, follow the steps given below:
1. Start by checking the current password settings on the Zimbra server. To do this, execute the commands:

$ sudo su - zimbra
$ zmprov gac -v | grep Password | sort | uniq

This gives the following output:

zimbraFeatureChangePasswordEnabled: TRUE
zimbraMobilePolicyAllowSimpleDevicePassword: FALSE
zimbraMobilePolicyAlphanumericDevicePasswordRequired: FALSE
zimbraMobilePolicyDevicePasswordEnabled: TRUE
zimbraMobilePolicyDevicePasswordExpiration: 0
zimbraMobilePolicyDevicePasswordHistory: 8
zimbraMobilePolicyMaxDevicePasswordFailedAttempts: 4
zimbraMobilePolicyMinDevicePasswordComplexCharacters: 0
zimbraMobilePolicyMinDevicePasswordLength: 4
zimbraMobilePolicyPasswordRecoveryEnabled: TRUE
zimbraPasswordEnforceHistory: 0
zimbraPasswordLocked: FALSE
zimbraPasswordLockoutDuration: 1h
zimbraPasswordLockoutEnabled: FALSE
zimbraPasswordLockoutFailureLifetime: 1h
zimbraPasswordLockoutMaxFailures: 10
zimbraPasswordMaxAge: 0
zimbraPasswordMaxLength: 64
zimbraPasswordMinAge: 0
zimbraPasswordMinAlphaChars: 0
zimbraPasswordMinDigitsOrPuncs: 0
zimbraPasswordMinLength: 6
zimbraPasswordMinLowerCaseChars: 0
zimbraPasswordMinNumericChars: 0
zimbraPasswordMinPunctuationChars: 0
zimbraPasswordMinUpperCaseChars: 0
zimbraPasswordMinUpperCaseChars: 1


The key attributes to pay attention to are:
zimbraPasswordMaxAge: The maximum time the password remains valid
zimbraPasswordLockoutMaxFailures: The number of failed login attempts
zimbraPasswordMinLength: The minimum length of the password
zimbraPasswordMinNumericChars: The minimum number of numeric characters in the password
zimbraPasswordMinUpperCaseChars: The minimum number of uppercase characters required in a password


2. Now that we have seen the key parameters to modify, apply them to the server.
Use the settings shown below:
zimbraPasswordMaxAge: 90 (in days)
zimbraPasswordMinLength: 7
zimbraPasswordLockoutMaxFailures: 5
zimbraPasswordMinNumericChars: 1
zimbraPasswordMinUpperCaseChars: 1

How to change password policy settings in the Zimbra Admin web interface?

It is possible to set the password policy from the web UI.
To do this, navigate to: "Home > Configure > Class of Service > default | defaultExternal > Advanced".
There you will see a section for modifying the password policy. Change the values and save.


How to change password policy settings from the Zimbra CLI?

It is also possible to change the settings from the CLI. The command to use is given below:

$ zmprov mc <cos-name> <parameter> <value>

If you do not know the names of the existing classes of service, list them with the command:

$ zmprov gac
default
defaultExternal

For more details about a particular COS, use:

$ zmprov gc default

For example, to require at least one uppercase character and one number in the password, and to set the failed-login threshold to 5, execute:

$ sudo su - zimbra
$ zmprov mc default zimbraPasswordMinNumericChars 1
$ zmprov mc default zimbraPasswordMinUpperCaseChars 1
$ zmprov mc default zimbraPasswordLockoutMaxFailures 5


Finally, follow the same syntax for all other parameters which can be changed.
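
To confirm that the changes took effect, the output of "zmprov gc <cos-name>" can be checked against the values from step 2. The script below is an added example, not part of the original guide or of Zimbra; the function names, the treatment of 0 as "no limit" and the extra zimbraPasswordLockoutEnabled check are assumptions of this example.

```bash
# Added example: check one COS against the baseline from step 2 of this guide.
# On a Zimbra host, as the zimbra user:  zmprov gc default | audit_cos_policy

# Reads "attribute: value" lines on stdin and prints one FAIL line per attribute
# that is unset or weaker than the baseline. Returns 0 if compliant, else 1.
audit_cos_policy() {
  awk -F': *' '
    function fail(k, want) {
      printf "FAIL %s=%s (want %s)\n", k, ((k in seen) ? seen[k] : "unset"), want
      bad = 1
    }
    BEGIN {
      # Higher is stricter.
      min["zimbraPasswordMinLength"] = 7
      min["zimbraPasswordMinNumericChars"] = 1
      min["zimbraPasswordMinUpperCaseChars"] = 1
      # Lower is stricter; 0 is flagged too (assumed here to mean no limit).
      max["zimbraPasswordMaxAge"] = 90
      max["zimbraPasswordLockoutMaxFailures"] = 5
      le = "zimbraPasswordLockoutEnabled"
    }
    NF >= 2 { seen[$1] = $2 }
    END {
      for (k in min) if (!(k in seen) || seen[k] + 0 < min[k]) fail(k, ">= " min[k])
      for (k in max) if (!(k in seen) || seen[k] + 0 < 1 || seen[k] + 0 > max[k]) fail(k, "1.." max[k])
      # Extra check, not in the list of five above: the failure threshold
      # is only enforced when account lockout itself is switched on.
      if (!(le in seen) || seen[le] != "TRUE") fail(le, "TRUE")
      exit bad + 0
    }'
}

# Constructed sample input, using the default values from the output in step 1.
sample_default_cos() {
  cat <<'EOF'
zimbraPasswordLockoutEnabled: FALSE
zimbraPasswordLockoutMaxFailures: 10
zimbraPasswordMaxAge: 0
zimbraPasswordMinLength: 6
zimbraPasswordMinNumericChars: 0
zimbraPasswordMinUpperCaseChars: 0
EOF
}

sample_default_cos | audit_cos_policy || echo "default COS is below the baseline"
```

Run it once per class of service, since "default" and "defaultExternal" carry separate settings.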



Conclusion

In summary, by default Zimbra does not enforce any strong password requirements for user accounts. This puts accounts at risk of being compromised and ultimately used for spamming. This article will help you configure a secure password policy on Zimbra.