Hello. ISO/IEC 27001 and PCI DSS, as well as other security standards, have a requirement to periodically change users' passwords.
Does anybody have any thoughts how to implement this in ViMbAdmin?
As far as I can see it, the problem is divided into four parts:
- When (user|admin) sets a password to a mailbox, store current (or expiration?) timestamp in the database;
- Take this timestamp into account when an external system requests mailbox properties;
- Take (or not, depending on company needs) this timestamp into account when user logs in to change his password;
- Periodically check and notify users that their passwords will expire soon.
As 1.-3. can be added as a plugin fairly easily, they require schema modification (OR using field mailbox.modified - is it possible??)
2. requires modified requests to the database (mention it in documentation)
And 4. requires some kind of cron job and a template for mailing notifications.
What do you say?
Hello. ISO/IEC 27001 and PCI DSS, as well as other security standards, have a requirement to periodically change users' passwords.
Does anybody have any thoughts how to implement this in ViMbAdmin?
As far as I can see it, the problem is divided into four parts:
As 1.-3. can be added as a plugin fairly easily, they require schema modification (OR using field
mailbox.modified- is it possible??)2. requires modified requests to the database (mention it in documentation)
And 4. requires some kind of cron job and a template for mailing notifications.
What do you say?