Video Screencast Help
Symantec Secure Login will be live on Connect starting February 25. Get the details here.

Authenticating BrightMail 10.5.1-2 Administrators

Created: 30 Jan 2014 | 1 comment
Amundi's picture
0 Agree
0 Disagree
0 0 Votes
Login to vote

We use 2 kind of accounts

  • Standard accounts with Exchange Mailbox, Office ... with one policy for passwords requirements (length, history, lifetime ...)
  • Administrators accounts without access to a mailbox but with higher rights and privileges than standard accounts, and another policy for handling passwords (tighter than for Standard accounts)

Brightmail V10.5.1-2 offers the possibility to authenticate admin accounts via LDAP. Unfortunately there is no possibility to authenticate an account without a mailbox ! Even if this account belongs to a group or an OU specified with its distinguished name.

While it is possible to administer BrightMail with a local account (only accounts available with previous versions) without a mail address, I have not been able to log-in to the control center using an Active Directory account without an email address.

What are the rationale to require a mailbox if authenticated via LDAP, when there is no such requirement for a local account ?

Additionnally, criteria for complex passwords in Brightmail include minimal length of 8 characters, but it cannot be parametrized to 10 or 15 to match other security policies, and Password lifetime cannot be longer than 90 days.

I really was expecting with this version to be able to handle administrators' accounts in compliance with our internal security policies.

What a shame !!!

I hope this will be inserted shortly into the wishlist for a next version.


Comments 1 CommentJump to latest comment

legoff's picture

I totally agree.  AD authentication should be supported.   This would not only make it compliant to internal security policies, but would also make it easier for managing user access\rights.   Please link Brightmail roles to AD groups for authentication and authorization! 

Login to vote