[15.x] Password Policy
Question asked by Martin Schaible - 10/30/2018 at 3:34 AM
Unanswered
Hello

We have had a strong setup for the password policy for years. If I add a user, I choose a strong password which matches the policy. Now I discovered that a very weak password is still possible. I tested this with a new user which I added as the System Administrator.

I can see the newly added user under "Manage -> Password Policy Compliance".

Any idea why the password policy does fire when adding a user with a weak password?

Thanks!

Martin

5 Replies

Martin Schaible Replied
Hello

Any idea?

Thanks!

Employee Replied
Martin, in SmarterMail 16.x and below, we allowed account passwords that were set by system administrators to bypass the password requirements. Part of the thinking was so that system admins could give more easily remembered temporary passwords to their customers. This has been changed in SmarterMail 17: all passwords will need to fit within the password requirements. I hope this answers your question.
Martin Schaible Replied
As you see in the title, I'm on version 15.x.
Therefore my question remains unanswered ;-(

Paul Blank Replied
So the question is this:

If, after the administrator sets the new non-compliant password, the user attempts to change it, does it then trigger the compliance rule?

I haven't tried it, but I suppose I could, so I'm just musing here.


Martin Schaible Replied
If the "Server Admin" adds a new user, an impersonation will take place as the "Primary Administrator". The compliance rule does not take place.

If I log in directly as the "Primary Administrator" of a domain and add a user, does the compliance rule trigger?
