elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
iredmail-doc/html/force.user.to.change.passwo...

68 lines
3.7 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Force mail user to change password in 90 days</title>
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="/index.html" target="_blank">
<img alt="iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>&nbsp;
<span>iRedMail</span>
</a>
&nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="force-mail-user-to-change-password-in-90-days">Force mail user to change password in 90 days</h1>
<h2 id="how-it-works">How it works</h2>
<p>iRedMail configures Roundcube webmail to store last password change date while
user changed password. For MySQL/MariaDB/PostgreSQL backends, it's stored in
SQL database <code>vmail</code>, column <code>mailbox.passwordlastchange</code>. For LDAP backends,
it's stored in LDAP attribute <code>shadowLastChange</code> of user account. If user
didn't change password before, or user account is newly created, the password
last change date will be set to <code>0000-00-00 00:00:00</code>.</p>
<p>iRedAPD has plugin to force mail users to change password before sending email:</p>
<ul>
<li><code>sql_force_change_password_in_days</code>: for SQL backends (MySQL, MariaDB and
PostgreSQL).</li>
<li><code>ldap_force_change_password_in_days</code>: for LDAP backends (OpenLDAP and OpenBSD
built-in LDAP server <code>ldapd(8)</code>).</li>
</ul>
<p>When user trying to send an email, iRedAPD will invoke this plugin to
check password last change date stored in SQL/LDAP and compare
it with current date. if password last change date is longer than specified
days, this plugin rejects smtp session with specified message.</p>
<h2 id="how-to-enable-iredapd-plugin">How to enable iRedAPD plugin</h2>
<p>To enable this plugin, please list the plugin name in iRedAPD config file
<code>/opt/iredapd/settings.py</code>, variable <code>plugins =</code>. For example:</p>
<pre><code class="python"># For SQL backends
plugins = [..., 'sql_force_change_password_in_days']
# For LDAP backends:
plugins = [..., 'ldap_force_change_password_in_days']
</code></pre>
<p>There're two optional settings you can set in <code>/opt/iredapd/settings.py</code>:</p>
<pre><code># User has to change password in certain days. Default is 90 days.
CHANGE_PASSWORD_DAYS = 90
# MTA will reject user's smtp session with below message. You'd better describe
# why user's email was rejected and guide user to change password.
CHANGE_PASSWORD_MESSAGE = 'Please change your password in webmail before sending email: https://xxx/webmail/'
</code></pre>
<p>Then restart iRedAPD service.</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div>
<script type="text/javascript">
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-3293801-21', 'auto');
ga('send', 'pageview');
</script>
</body></html>
Reference in New Issue View Git Blame Copy Permalink