starred/ViMbAdmin-opensolutions
1
0
Fork 0
mirror of https://github.com/opensolutions/ViMbAdmin.git synced 2026-04-26 00:36:00 +03:00
Code Issues 16 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #316] Set/control password lifetime and expiration? #253

New issue
Open
opened 2026-02-26 10:30:26 +03:00 by kerem · 2 comments
kerem commented 2026-02-26 10:30:26 +03:00
Owner
Copy link

Originally created by @dmitrydonskih on GitHub (Aug 1, 2024).
Original GitHub issue: https://github.com/opensolutions/ViMbAdmin/issues/316

Hello. ISO/IEC 27001 and PCI DSS, as well as other security standards, have a requirement to periodically change users' passwords.
Does anybody have any thoughts how to implement this in ViMbAdmin?

As far as I can see it, the problem is divided into four parts:

  1. When (user|admin) sets a password to a mailbox, store current (or expiration?) timestamp in the database;
  2. Take this timestamp into account when an external system requests mailbox properties;
  3. Take (or not, depending on company needs) this timestamp into account when user logs in to change his password;
  4. Periodically check and notify users that their passwords will expire soon.

As 1.-3. can be added as a plugin fairly easily, they require schema modification (OR using field mailbox.modified - is it possible??)
2. requires modified requests to the database (mention it in documentation)
And 4. requires some kind of cron job and a template for mailing notifications.

What do you say?

Originally created by @dmitrydonskih on GitHub (Aug 1, 2024). Original GitHub issue: https://github.com/opensolutions/ViMbAdmin/issues/316 Hello. **ISO/IEC 27001** and **PCI DSS**, as well as other security standards, have a requirement to periodically change users' passwords. Does anybody have any thoughts how to implement this in ViMbAdmin? As far as I can see it, the problem is divided into four parts: 1. When (user|admin) sets a password to a mailbox, store current _(or expiration?)_ timestamp in the database; 2. Take this timestamp into account when an external system requests mailbox properties; 3. Take (or not, depending on company needs) this timestamp into account when user logs in to change his password; 4. Periodically check and notify users that their passwords will expire soon. As 1.-3. can be added as a plugin fairly easily, they require schema modification (_OR using field `mailbox`.`modified` - is it possible??_) 2. requires modified requests to the database (mention it in documentation) And 4. requires some kind of cron job and a template for mailing notifications. What do you say?
kerem commented 2026-02-26 10:30:26 +03:00
Author
Owner
Copy link

@dereckson commented on GitHub (Oct 13, 2024):

(just a small note a profile control panel linked to a SSO or at least a LDAP is probably more convenient to centrally control the password lifecycle than to hunt it in every application / that would be a nightmare to audit and certify if each application used in a domain has its own procedure to force users to change passwords)

<!-- gh-comment-id:2409382943 --> @dereckson commented on GitHub (Oct 13, 2024): (just a small note a profile control panel linked to a SSO or at least a LDAP is probably more convenient to centrally control the password lifecycle than to hunt it in every application / that would be a nightmare to audit and certify if each application used in a domain has its own procedure to force users to change passwords)
kerem commented 2026-02-26 10:30:27 +03:00
Author
Owner
Copy link

@dmitrydonskih commented on GitHub (Oct 14, 2024):

(just a small note a profile control panel linked to a SSO or at least a LDAP is probably more convenient to centrally control the password lifecycle than to hunt it in every application

Yes, but ViMmAdmin is that very application which keeps and manages passwords, and it IS by design a source of credentials for SMTP/IMAP server - so this functionality is a must for it.

<!-- gh-comment-id:2410603126 --> @dmitrydonskih commented on GitHub (Oct 14, 2024): > (just a small note a profile control panel linked to a SSO or at least a LDAP is probably more convenient to centrally control the password lifecycle than to hunt it in every application Yes, but ViMmAdmin is that very application which keeps and manages passwords, and it **IS** by design a source of credentials for SMTP/IMAP server - so this functionality is a must for it.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dependabot/composer/smarty/smarty-4.3.1
v2
3.4.1
3.4.0
3.3.0
3.2.1
3.2.0
3.1.1
3.1.0
3.0.15
3.0.14
3.0.13
3.0.12
3.0.11
2.2.4
3.0.10
3.0.9
3.0.8
3.0.7
3.0.6
3.0.5
3.0.4
3.0.3
3.0.2
3.0.1
3.0.0
2.2.3
2.2.2
2.2.1
2.2.0
2.1.0
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
0.3.4
0.3.3
0.3.2
0.3.1
0.3
Labels
Clear labels   
bug

   
feature

   
feature

   
improvement

   
improvement

   
pull-request

Mirrored from GitHub Pull Request

No labels
bug
feature
feature
improvement
improvement
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/ViMbAdmin-opensolutions#253
No description provided.