Admin constantly prompted for password

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
zim_mike
Outstanding Member
Outstanding Member
Posts: 333
Joined: Sat Sep 13, 2014 3:26 am

Admin constantly prompted for password

Post by zim_mike »

I'm running 8.8 and lately, I'm being prompted for the admin password repeatedly.
Sometimes it doesn't do this for days, a week but eventually, I'm promoted when I know I've already changed it and confirmed it.
The odd thing is, no one else has access to this server and I'm not changing it.
In fact, a few days ago, to test, I changed the admin password to never having to expire and,, yet again, I'm being prompted for it.
I've also run the 'zimbraAccountStatus active' in case it's getting blocked somehow but still no change.

Is this server hacked?
zim_mike
Outstanding Member
Outstanding Member
Posts: 333
Joined: Sat Sep 13, 2014 3:26 am

Re: Admin constantly prompted for password

Post by zim_mike »

I'm the only person running Zimbra that is seeing this weird thing?
phoenix
Ambassador
Ambassador
Posts: 27279
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Admin constantly prompted for password

Post by phoenix »

Have you scanned your server to see if it's been 'hacked' and have you looked in the log files to see if there's any login (attempts) by the admin account that has occurred when it wasn't one of your attempts? I don't know if you do this but you should also use secure passwords on your server, I started doing this a while back and I use a 20 character random generated alpha-numeric and symbols - apparently this would take 8 million years to break that password according to one site. :)
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
zim_mike
Outstanding Member
Outstanding Member
Posts: 333
Joined: Sat Sep 13, 2014 3:26 am

Re: Admin constantly prompted for password

Post by zim_mike »

I've done all the basics, checking the logs, looking for admin logins that aren't my IP, changing passwords regularly, looking at processes and to see if there's someone else on the server. I've never found anything that makes me think anyone is and the server is constantly monitored and is not sending spam. There are only a handful of accounts on it as it's used to send emails to members.

That's why this is perplexing to me and why I posted. It's Centos so I guess I could find a scanner but it's monitored very closely and never seen any out of the usual usage.
Post Reply