Administrator's Guide - Kerio Software Archive
Administrator's Guide - Kerio Software Archive Administrator's Guide - Kerio Software Archive
Chapter 13 User accountsDescriptionUser description (e.g. a position in a company). The Description entry is for informativepurposes only. They can contain any type of information or they can be left blank.AuthenticationPossible authentication methods:• Internal user databaseUsers are only authenticated within Kerio MailServer. In this case a password mustbe entered in the Password and Confirm Password fields (the user can then changehis/her password in the Kerio WebMail interface).Warning: Passwords may contain printable symbols only (letters, numbers, punctuationmarks). Password is case-sensitive.• Windows NT domainUsers are authenticated in a Windows NT domain. The NT domain name must be enteredin the email domain properties (Windows NT domain in the Advanced tab). Thisauthentication method can be used only if Kerio MailServer is running on Windows2000/XP/2003. For details, see chapter 7.7.• Kerberos 5Users are authenticated in the Kerberos 5 authentication system.• PAM serviceAuthentication using the PAM service (Pluggable Authentication Module), availableonly in the Linux operating system.• Apple Open DirectoryAuthentication against Apple Open Directory database (only for mailservers installedon a Macintosh). The option can be selected only if the user is mapped from AppleOpen Directory.Password / Confirm PasswordOnly the local user password can be entered or changed. We strongly recommend tochange the password immediately after the account is created.If the password contains special (national) characters, users of some mail clients willnot be able to log in to Kerio MailServer. It is therefore recommend to use only ASCIIcharacters for passwords.Enable a default spam filter ...Upon creating a new user account, check this option to set the antispam rule. All incomingemails marked as spam will be automatically moved to the Junk mail folder. The rulecan be set up only during the process of user account creation. Filtering and rules forincoming email is addressed in Kerio MailServer, User’s Guide.Warning: It is not recommended to create this rule when the user accesses emails viaPOP3. In such case, only the INBOX folder is downloaded to the local client and the useris not able to check if the emails moved to the Spam folder are really spam emails.108
13.2 Creating a user accountStore password in high secure SHA format (recommended)By default, user passwords are encrypted by DES. The Store password in highly secureSHA format allows for a more secure encryption (SHA string). This option has one disadvantage— some methods of Kerio MailServer access authentication (APOP, CRAM-MD5and Digest-MD5) cannot be applied. The only methods available for this option are LOGINand PLAIN (it is highly recommended to use only SSL connection for authentication).If this option is enabled, it is necessary to change the user password. This can be doneeither by administrator or the user (e.g. by Kerio WebMail).Warning: Passwords saved in SHA are supported by Kerio MailServer 6.0.5 and later. Ifa configuration with SHA passwords is applied to an older version of Kerio MailServer,the authentication will not function.Account is disabledTemporary blocking of the account so that you do not have to remove it.Warning: This feature is not identical with account blocking set under Configuration →Advanced Options, on the Security Policy tab (see section 15.6). If the user enters aninvalid password too many times in row and the limit set on the Security Policy tab isreached, the account is blocked automatically. To unblock the accounts, use the Unlockall accounts now button on the Security Policy tab.Step 3 — Mail addressesIn this step, all required email addresses of the user can be defined. The other addresses arecalled aliases. The other addresses are called aliases. These can be defined either during theuser definition or in Domain Settings/Aliases. We recommend to use the first alternative — itis easier and the aliases are available through Active Directory.Note: If user accounts are maintained in Active Directory (see chapter 7.6), their aliases can bedefined in Active Directory Users and Computers. Global aliases (in Domain Settings → Aliases)cannot be defined this way.109
- Page 57 and 58: 6.1 Service Parameter Settings• a
- Page 59 and 60: 6.1 Service Parameter SettingsFigur
- Page 61 and 62: 6.3 TroubleshootingFigure 6.5The De
- Page 63 and 64: Chapter 7DomainsKerio MailServer ca
- Page 65 and 66: 7.2 GeneralFigure 7.2Domain setting
- Page 67 and 68: 7.4 FootersFigure 7.3Domain setting
- Page 69 and 70: 7.5 ForwardingFigure 7.5Domain sett
- Page 71 and 72: 7.6 Setting of Directory ServicesFi
- Page 73 and 74: 7.6 Setting of Directory ServicesFi
- Page 75 and 76: 7.7 Advanced7.7 AdvancedIn the Adva
- Page 77 and 78: 7.8 WebMail Logo3. In the Logging m
- Page 79 and 80: 8.2 Sending High Priority MessagesW
- Page 81 and 82: Chapter 9SchedulingKerio MailServer
- Page 83 and 84: 9.2 Optimal Scheduling9.2 Optimal S
- Page 85 and 86: 10.1 Kerio MailServer CertificateFi
- Page 87 and 88: 10.1 Kerio MailServer Certificate
- Page 89 and 90: 10.2 Install certificates on client
- Page 91 and 92: 10.2 Install certificates on client
- Page 93 and 94: 10.2 Install certificates on client
- Page 95 and 96: 11.3 LanguageIf there is one of the
- Page 97 and 98: 11.3 LanguageFigure 11.1Dictionary
- Page 99 and 100: 12.2 Time IntervalsClick on Add to
- Page 101 and 102: 12.3 Setting Remote AdministrationF
- Page 103 and 104: 10312.3 Setting Remote Administrati
- Page 105 and 106: 13.2 Creating a user accountWarning
- Page 107: 13.2 Creating a user accountFigure
- Page 111 and 112: 13.2 Creating a user accountNote: T
- Page 113 and 114: 13.2 Creating a user accountFigure
- Page 115 and 116: 13.3 Editing User AccountNote: When
- Page 117 and 118: 13.5 Removing user accountsKerio Ma
- Page 119 and 120: 13.9 Administration of mobile devic
- Page 121 and 122: 13.9 Administration of mobile devic
- Page 123 and 124: 13.10 Import Users• MailAddress
- Page 125 and 126: 13.10 Import UsersFor detailed info
- Page 127 and 128: 13.10 Import UsersFigure 13.24Impor
- Page 129 and 130: 13.12 User Account TemplatesNote: C
- Page 131 and 132: Chapter 14User groupsUser accounts
- Page 133 and 134: 14.1 Creating a User GroupGroup add
- Page 135 and 136: 14.1 Creating a User GroupPublish t
- Page 137 and 138: 15.1 Mail Delivery over the Interne
- Page 139 and 140: 15.1 Mail Delivery over the Interne
- Page 141 and 142: 15.2 SMTP serverinterface originall
- Page 143 and 144: 15.2 SMTP serverAuthentication by I
- Page 145 and 146: 15.2 SMTP serverLimit maximum incom
- Page 147 and 148: 15.3 AliasesMaximum number of deliv
- Page 149 and 150: 15.3 AliasesCharacter typea-zA-ZDes
- Page 151 and 152: 15.4 remote POP3 mailboxesFigure 15
- Page 153 and 154: 15.4 remote POP3 mailboxesthe messa
- Page 155 and 156: 15.4 remote POP3 mailboxesFigure 15
- Page 157 and 158: 15.6 Advanced OptionsDescriptionA c
Chapter 13 User accountsDescriptionUser description (e.g. a position in a company). The Description entry is for informativepurposes only. They can contain any type of information or they can be left blank.AuthenticationPossible authentication methods:• Internal user databaseUsers are only authenticated within <strong>Kerio</strong> MailServer. In this case a password mustbe entered in the Password and Confirm Password fields (the user can then changehis/her password in the <strong>Kerio</strong> WebMail interface).Warning: Passwords may contain printable symbols only (letters, numbers, punctuationmarks). Password is case-sensitive.• Windows NT domainUsers are authenticated in a Windows NT domain. The NT domain name must be enteredin the email domain properties (Windows NT domain in the Advanced tab). Thisauthentication method can be used only if <strong>Kerio</strong> MailServer is running on Windows2000/XP/2003. For details, see chapter 7.7.• Kerberos 5Users are authenticated in the Kerberos 5 authentication system.• PAM serviceAuthentication using the PAM service (Pluggable Authentication Module), availableonly in the Linux operating system.• Apple Open DirectoryAuthentication against Apple Open Directory database (only for mailservers installedon a Macintosh). The option can be selected only if the user is mapped from AppleOpen Directory.Password / Confirm PasswordOnly the local user password can be entered or changed. We strongly recommend tochange the password immediately after the account is created.If the password contains special (national) characters, users of some mail clients willnot be able to log in to <strong>Kerio</strong> MailServer. It is therefore recommend to use only ASCIIcharacters for passwords.Enable a default spam filter ...Upon creating a new user account, check this option to set the antispam rule. All incomingemails marked as spam will be automatically moved to the Junk mail folder. The rulecan be set up only during the process of user account creation. Filtering and rules forincoming email is addressed in <strong>Kerio</strong> MailServer, User’s <strong>Guide</strong>.Warning: It is not recommended to create this rule when the user accesses emails viaPOP3. In such case, only the INBOX folder is downloaded to the local client and the useris not able to check if the emails moved to the Spam folder are really spam emails.108