Ease multiple password changes

sunshineautomate

I’m using Active Directory as an Identity provider for mailcow. It is working very well. My concern is when passwords are changed. If the user changes their password in Windows. The password must then be altered in three places. Once in Outlook and two in the Synchroniser plugin. I beleive this is the same for Thunderbird. Is there a way to ease this so that the password can just be changed once for the email client only.

esackbauer

This is why you must use app passwords (in users mailcow UI). When configuring the email client you create the app password for that specific client. Do not write it down or store it. If you need to configure the email client again, just create a new app password.
That way client software will be independent from Active Directory passwords (and its enforced changes), which will only be used for accessing mailcow UI.
Think of the app passwords as an access token with unlimited validity. As it is never entered again, it is not prone to phishing attacks.

sunshineautomate

Ok solid. Thanks for the heads up.