[15.x] Password Policy

Question asked by Martin Schaible - 10/30/2018 at 3:34 AM

Unanswered

Hello

We have a strong setup for the password policy since years. If i add a user, i choose a strong password which matches the policy. Now i discovered, that a very weak password is still possible. I tested this with a new user which i added as the System Administrator.

I can see the newly added user under "Manage -> Password Policy Compliance".

Any idea, why the password policy does fire by adding a user with a weak password?

Thanks!

Martin

5 Replies

Reply to Thread

Martin Schaible Replied

11/10/2018 at 2:28 PM

Hello

Any idea?

Thanks!

Employee Replied

11/12/2018 at 7:35 AM

Employee Post

Martin, in SmarterMail 16.x and below, we allowed account passwords that we set by system administrators to bypass the password requirements. Part of the thinking was so that system admins could give more easily remembered temporary passwords to their customers. This has been changed in SmarterMail 17: all passwords will need fit within the password requirements. I hope this answers your question.

Martin Schaible Replied

11/12/2018 at 8:10 AM

As you see in the title, i'm on version 15.x.
Therefore my question remains unanswered ;-(

Paul Blank Replied

11/12/2018 at 9:42 AM

So the question is this:

If, after the administrator sets the new non-compliant password, and the user attempts to change it, does it then trigger the compliance rule?

I haven't tried it, but I suppose I could, so I'm just musing here.

Martin Schaible Replied

11/13/2018 at 5:29 AM

If the "Server Admin" adds a new user, a impersonation will take place as the "Primay Administrator". The compliance rule does not take place.

If i log in directly as the "Primay Administrator" of a domain and add a user, does the compliance rule trigger?

Back to Community Threads

Please leave this box unchecked

5 Replies

Reply to Thread

Tags

Related Knowledge Base Articles