Authenticating BrightMail 10.5.1-2 Administrators
We use 2 kinds of accounts:
- Standard accounts with Exchange Mailbox, Office, ... with one policy for password requirements (length, history, lifetime, ...)
- Administrator accounts without access to a mailbox but with higher rights and privileges than standard accounts, and another policy for handling passwords (tighter than for Standard accounts)
Brightmail V10.5.1-2 offers the possibility to authenticate admin accounts via LDAP. Unfortunately, there is no possibility to authenticate an account without a mailbox! Even if this account belongs to a group or an OU specified with its distinguished name.
While it is possible to administer BrightMail with a local account (the only accounts available with previous versions) without a mail address, I have not been able to log in to the control center using an Active Directory account without an email address.
What is the rationale for requiring a mailbox if authenticated via LDAP, when there is no such requirement for a local account?
Additionally, criteria for complex passwords in Brightmail include a minimal length of 8 characters, but it cannot be parametrized to 10 or 15 to match other security policies, and password lifetime cannot be longer than 90 days.
I really was expecting with this version to be able to handle administrators' accounts in compliance with our internal security policies.
What a shame!!!
I hope this will be inserted shortly into the wishlist for a next version.