[Users] Reset password from Zimbra when using Active Directory
Barry De Graaff
barrydg at zetalliance.org
Sat Apr 2 15:59:08 CEST 2016
Hello David,
What would be the benefits from using kerberos?
There are some known flaws in the Kerberos implementation for windows
http://www.theregister.co.uk/2015/12/15/devastating_flaw_in_windows_authentication/
The Extension uses 2 an Ldap Bind DN AND uses the existing users's credentials
to change the password. It requires the use of LDAP over SSL (TLS).
For a secure implementation one can create a service account in Windows that can
act as bind dn, with limited access rights (and read-only access on the ldap)
So... Kerberos, would not add much in terms of security, but would add a lot of
complexity to the code.
Anyways, maybe I am missing something, so please explain your comment further.
Thanks, regards, Barry
----- Original Message -----
From: "David Sommerseth" <dazo at eurephia.org>
To: "Jorge de la Cruz" <jdelacruz at zetalliance.org>, "Adam Cody" <ajcody at zetalliance.org>
Cc: users at lists.zetalliance.org
Sent: Saturday, April 2, 2016 2:28:00 PM
Subject: Re: [Users] Reset password from Zimbra when using Active Directory
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/04/16 10:10, Jorge de la Cruz wrote:
> I will create couple of Blog Posts and a Wiki around it :)
>
> Why is this not natively in Zimbra?
You're probably in a better position to ask the proper persons about that
;-) But nevermind my snarky comment, not blaming anyone :)
I just wanted to say that I would really appreciate that the Change Password
feature would work using the Kerberos/kpassw protocol. I have no chance to
really check if that works against AD servers, I just think it would be odd
if it doesn't as AD otherwise depend on Kerberos for authentication and SSO.
David S.
> ----- Original Message ----- From: "Adam Cody" <ajcody at zetalliance.org>
> To: "Barry De Graaff" <barrydg at zetalliance.org> Cc:
> users at lists.zetalliance.org Sent: Saturday, April 2, 2016 2:05:55 AM
> Subject: Re: [Users] Reset password from Zimbra when using Active
> Directory
>
> Awesome job. It will be interesting to see how much activity this creates
> in the next couple of months.
>
> -Ajcody
>
> ----- Original Message ----- From: "Barry De Graaff"
> <barrydg at zetalliance.org> To: users at lists.zetalliance.org Sent: Friday,
> April 1, 2016 12:33:38 PM Subject: [Users] Reset password from Zimbra
> when using Active Directory
>
> Hello All,
>
> Today I have confirmed that the ADPassword Zimbra server extension to
> change Active Directory passwords from the Zimbra web client by Antonio
> Messina works with Zimbra 8.6 and Windows 2012 R2 Active Directory.
>
> I have send a pull request with updated documentation to Antonio.
>
> https://github.com/Zimbra-Community/ADPassword
>
> See the readme:
> https://github.com/Zimbra-Community/ADPassword/blob/master/README.md
>
> Also I created a video that demonstrates the readme:
> https://www.youtube.com/watch?v=AYmsdw3tHoU
>
> Also Antonio indicated he is willing to transfer his repository to the
> Zimbra-Community Github, allowing us to work closely together and also
> keeping things bundled together nicely for our users.
>
> Best regards,
>
> Barry
>
>
> Related: https://bugzilla.zimbra.com/show_bug.cgi?id=6697
>
- --
kind regards,
David Sommerseth
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlb/utAACgkQDC186MBRfrrQfwCdE420Assj/jNq+7+7cpn757Au
1zsAnj7FQz1v05o6DaNafQQmuUFv1SBM
=G8FJ
-----END PGP SIGNATURE-----
More information about the Users
mailing list