GMS and blank password security testing.

Is there any documentation that states categorically whether or not a passwordless mailbox can be authenticated to via GMS? If not, is there a client like tool that I can test GMS logon without a password?

All ActiveSync clients and tools that I have tried so far require a password be entered on the client side before the tool will attempt to authenticate. Is there one that will test with a null password?

Parents
  • 0  

    As far as I know a passwordless login is only possible with a GroupWise Windows client (if enabled); but is not recommended.

    Any other clients will need a password. Web client, GMS, IMAP clients, ....


    Use "Verified Answers" if your problem/issue has been solved!

  • Suggested Answer

    0   in reply to   

    Typically there is an LDAP authentication set on a PO and that inforces to use directory passwords. A GW client can work via SSO without providing a password directly within the client .. but there is already an authentication behind .. user must logon with AD account. So it is only "skipping" passwords for the application. I am not aware of a device that can use an SSO.

    The entire concept of SSL enabledSOAP / trusted application used by GMS implies security requirements where I do not see a point in login without any pwd. Although I have not seen that written directly, I suspect we would not allow such login.

Reply
  • Suggested Answer

    0   in reply to   

    Typically there is an LDAP authentication set on a PO and that inforces to use directory passwords. A GW client can work via SSO without providing a password directly within the client .. but there is already an authentication behind .. user must logon with AD account. So it is only "skipping" passwords for the application. I am not aware of a device that can use an SSO.

    The entire concept of SSL enabledSOAP / trusted application used by GMS implies security requirements where I do not see a point in login without any pwd. Although I have not seen that written directly, I suspect we would not allow such login.

Children
No Data