[Mailman-Users] Using site password, can't see private roster
Barry A. Warsaw
barry at zope.com
Fri Aug 3 19:23:08 CEST 2001
>>>>> "GW" == Greg Ward <gward at mems-exchange.org> writes:
GW> We have a list ("mems-talk at mems-exchange.org") where the
GW> subscription list is private -- for the list admin's eyes
GW> only. I'm not the list admin (ie. don't have the admin
GW> password for this list), but I do have the site password -- I
GW> can (and do!) use it to access the admin pages for this list,
GW> ie. /mailman/admin/mems-talk.
GW> But when I try to access the roster page,
GW> /mailman/roster/mems-talk, (after having already authenticated
GW> with the site password for the admin page), it tells me
GW> "mems-talk subscriber list requires authentication."
GW> Huh? Isn't the authentication I did to access admin/mems-talk
GW> good enough? Is this one case where the site password isn't
GW> good enough and I need the list password? Or is it a bug?
GW> This is Mailman 2.0.5 under Apache 1.3.19 on Debian Linux 2.2.
I think that's correct because in MM2.0.x CheckCookie() doesn't fall
back to the site password if the list password cookie can't be found.
Note that this /does/ work in MM2.1 because the authentication context
for roster.py is AuthUser -> AuthListModerator -> AuthListAdmin ->
More information about the Mailman-Users