Attachment #6646 for bug #37690

View | Details | Raw Unified | Return to bug 37690
Collapse All | Expand All

(-)print-services-en.xml (-1 / +1 lines)

Lines 594-600	Link Here

594

595

  <caution>

595

  <caution>

596

	<para>

596

	<para>

597

	  The printer can only be accessed by a regular user when he has local

597

	  The printer can only be accessed by a regular user when they have local

598

	  permissions for driver installation or the respective printer drivers

598

	  permissions for driver installation or the respective printer drivers

599

	  were stored on the printer server. If this is not the case, Windows

599

	  were stored on the printer server. If this is not the case, Windows

600

	  may issue an error warning that the permissions are insufficient to

600

	  may issue an error warning that the permissions are insufficient to

(-)mail-en.xml (-2 / +2 lines)

Lines 536-542	Link Here

536

	  classifier. This compares an incoming e-mail with statistical data

536

	  classifier. This compares an incoming e-mail with statistical data

537

	  already gathered from processed e-mails and uses this to adapt it's

537

	  already gathered from processed e-mails and uses this to adapt it's

538

	  evaluation to the user's e-mail.

538

	  evaluation to the user's e-mail.

539

	  The Bayes classification is controlled by the user himself, whereby

539

	  The Bayes classification is controlled by the user themself, whereby

540

	  e-mails not identified as spam can be placed in the <emphasis>Spam</emphasis>

540

	  e-mails not identified as spam can be placed in the <emphasis>Spam</emphasis>

541

	  subfolder and a selection of legitimate e-mails copied into

541

	  subfolder and a selection of legitimate e-mails copied into

542

	  the <emphasis>Ham</emphasis> subfolder. This folder is evaluated daily and data

542

	  the <emphasis>Ham</emphasis> subfolder. This folder is evaluated daily and data

Lines 770-776	Link Here

770

			  If the setting is <emphasis>no</emphasis>, it will not be

770

			  If the setting is <emphasis>no</emphasis>, it will not be

771

			  possible to read previous e-mails any more once the user's primary e-mail

771

			  possible to read previous e-mails any more once the user's primary e-mail

772

			  address is changed! If another user is assigned a previously used primary

772

			  address is changed! If another user is assigned a previously used primary

773

			  e-mail address, she receives access to the old IMAP structure of this mailbox.

773

			  e-mail address, they receive access to the old IMAP structure of this mailbox.

774

			</para>

774

			</para>

775

		  </listitem>

775

		  </listitem>

776

		</itemizedlist>

776

		</itemizedlist>




	<para>
		Univention Corporate Server offers a cross platform domain concept with a
		common trust context between Linux and/or Windows systems. Within this domain
		users are known to all systems via their username and password stored in the
		&ucsUMS; and can use all services which are authorised for them. The management
		system keeps the account synchronised for the windows log-in, Linux/POSIX
		systems and Kerberos. The management of user accounts is described in
		<xref linkend="users:general"/>.

				The policy makes it possible to search for users and create an overview of all
				the attributes of a user object. If an attempt is made to modify further
				attributes in addition to the password when the user does not have sufficient
				access rights to the LDAP directory, &ucsUDM; denies them write access with the
				message <emphasis>Permission denied</emphasis>.
			</para>
			<caution>

	  authentication information, which allows single sign-on across domain boundaries among other
	  things. UCS provides a SAML identity provider: The external service (e.g., Salesforce) is then
	  securely registered via a cryptographic certificate and trusts the identity provider. The
	  user then only needs to authenticate themself in UCS and can use the mounted service without
	  renewed authentication.
	</para>





                            <para>
                                This selection field can be used to block individual login methods. This
                                can happen automatically for security reasons, for example, if a user has
                                entered their password incorrectly too often, see <xref linkend="users:faillog"/>.
                            </para>
                            <para>
                                Normally users should always be blocked for all login methods.

                    <row>
                        <entry>Change password on next login</entry>
                        <entry>
                            If this checkbox is ticked, then the user has to change their password during
                            the next login procedure.
                        </entry>
                    </row>

				<entry>
				  The period of time set for this must have at least
				  expired since the last password change before a user
				  can reset their password again.
				</entry>
			  </row>


				<entry>
				  Once the saved period of time has elapsed, the
				  password must be changed again by the user the next
				  time they log in. If the value is left blank, the
				  password is infinitely valid.
				</entry>
			  </row>

    <section id="user-management:Password_changes_by_users_via_UMC">
		<title>Password change by user via &ucsUMC;</title>
		<para>
			In &ucsUMC;, every user can reset their password via the
			<guimenu>Change password</guimenu> module. The module can also be opened
			by selecting the <guimenu>Settings &ar; Change password</guimenu>
			entry in the top right user menu.

    <section id="users:faillog">
        <title>Automatic lockout of users after failed login attempts</title>
        <para>
            As standard, a user can enter their password incorrectly any number of times. To
            hinder brute force attacks on passwords, an automatic lockout for user accounts
            can be activated after a configured number of failed log-in attempts. The lockout
            is activated locally per computer system as standard. In other words, if a
            user enters their password incorrectly too many times on one system, they can
            still login on another system. Setting the &ucsUCRV; <envar>auth/faillog/lock_global</envar>
            will make the lock effective globally and register it in the LDAP. The global
            lock can only be set on domain controller master/backup systems as other

(-)windows-en.xml (-2 / +2 lines)

Lines 1509-1516	Link Here

1509

  UCS side on the Samba level alone. If a password change is initiated

1509

  UCS side on the Samba level alone. If a password change is initiated

1510

  by &ucsUDM;, but the password changed in Active Directory, the

1510

  by &ucsUDM;, but the password changed in Active Directory, the

1511

  expiration details for the Kerberos and POSIX passwords are not

1511

  expiration details for the Kerberos and POSIX passwords are not

1512

  changed, so that the user must change his password again if he, for

1512

  changed, so that the user must change their password again if they, for

1513

  example, logs on to a thin client.

1513

  example, log on to a thin client.

1514

</para>

1514

</para>

1515

</listitem>

1515

</listitem>

1516

<listitem>

1516

<listitem>

(-)shares-en.xml (-1 / +1 lines)

Lines 374-380	Link Here

374

		<entry>

374

		<entry>

375

		  This username and its permissions and primary group is used for performing all the

375

		  This username and its permissions and primary group is used for performing all the

376

		  file operations of accessing users. The username is only used once the user has

376

		  file operations of accessing users. The username is only used once the user has

377

		  established a connection to the Samba share by using his real username and

377

		  established a connection to the Samba share by using their real username and

378

		  password. A common username is useful for using data in a shared way, yet

378

		  password. A common username is useful for using data in a shared way, yet

379

		  improper application might cause security problems.

379

		  improper application might cause security problems.

380

		</entry>

380

		</entry>

Return to bug 37690