[Mailman-Users] Subscribers accessing private list archives

Mark Sapiro mark at msapiro.net
Fri Aug 19 18:14:01 CEST 2011 

Geoff Shang wrote:

>On Fri, 19 Aug 2011, Prietz, Ian wrote:
>
>> I am looking for a way to give subscribers a generic password that would 
>> authenticate them to be able to view the archives (so they can revisit 
>> any past messages). Note, I do not want them to be able to access their 
>> subscriber settings to be able to unsubscribe themselves. I would almost 
>> like to just have everyone be given a generic password (that I could 
>> give out upon request), so they can view the private archives. That's 
>> all.
>
>I would set the archives to be public, but require authentication through 
>the webserver for this area of the site.  If you can use .htaccess files, 
>you might be able to require that a password be entered to access 
>/pipermail/<listname> under your domain.
>
>since I admin my own servers, I don't know how easy this would be to do, 
>but someone here would.


This is a good idea, but since the OP's Mailman is hosted and the OP
doesn't have access to the host server, it would require that the host
admins install the .htaccess files and maintain the 'htpasswd' files
for authentication. They may be willing to do this as the .htaccess
files could be installed per list as
archives/private/LISTNAME/.htaccess. This also requires that the
archives/private/LISTNAME/ directories be directly or indirectly
"AllowOverride AuthConfig".

Another possibility is that since all users have a password whether
they know it or not, you could set the password to a known generic
value for all users. I wouldn't advise this however, as it would allow
any user to access any other user's options with the same password.

That raises another question. Since this is a hosted Mailman, I would
assume it is pretty "vanilla" so presumably, you prevent users from
unsubscribing by setting unsubscribe_policy to Yes, otherwise they
could easily unsubscribe by email, but how do you prevent them from
requesting a password reminder from the options login page and then
using it to login and change their options, e.g. set mail delivery off.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list