Does anyone know of a mailman addon that will disable user passwords. Does anyone know if this issues was resolved in 2.1 Can anyone just explain the new password for users and administrators. I am looking on the website, but could use a knowledgeable persons explanation.
Thanks
Melinda Gilmore wrote:
Does anyone know of a mailman addon that will disable user passwords.
Disable in what sense? In the sense of allowing anyone to change a user's options or visit private archives without any form of authentication, or with some authentication method other than a password? If that's what you mean, then I'm not aware of anything.
If you just mean not telling users about the password and not sending reminders, you can set a list to not send reminders (General Options->send_reminders), and you can edit the list welcome message and listinfo templates to remove the password references.
Does anyone know if this issues was resolved in 2.1
I don't understand what 'resolution' you're looking for.
Have you seen <http://www.list.org/mailman-member/index.html>?
If you are asking why there is a password, the password is required to authenticate the user before allowing the user to change her subscription options via web or email, obtain a private roster available to list members via web or email or view private archives.
If the user doesn't want to do any of these things, she doesn't need to know a password.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
I am sorry I was not very clear. One of our issues is the password needed for user to unsubscribe. It will be a big change at this time from what we are using (Listproc). Someone seems to think there is some addon that will disable this?
The other issue is that we are used to being able to look at the config file and see the password. The complication is that multiple list owners share a single administrator password --so if one owner forgets the passwored, if we can't look it up for them, then a reset would cause every other owner on the list to NOT know the current password.
-----Original Message----- From: Mark Sapiro [mailto:mark@msapiro.net] Sent: Monday, November 26, 2007 3:53 PM To: Melinda Gilmore; mailman-users@python.org Subject: Re: [Mailman-Users] Password addon
Melinda Gilmore wrote:
Does anyone know of a mailman addon that will disable user passwords.
Disable in what sense? In the sense of allowing anyone to change a user's options or visit private archives without any form of authentication, or with some authentication method other than a password? If that's what you mean, then I'm not aware of anything.
If you just mean not telling users about the password and not sending reminders, you can set a list to not send reminders (General Options->send_reminders), and you can edit the list welcome message and listinfo templates to remove the password references.
Does anyone know if this issues was resolved in 2.1
I don't understand what 'resolution' you're looking for.
Have you seen <http://www.list.org/mailman-member/index.html>?
If you are asking why there is a password, the password is required to authenticate the user before allowing the user to change her subscription options via web or email, obtain a private roster available to list members via web or email or view private archives.
If the user doesn't want to do any of these things, she doesn't need to know a password.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
-- BEGIN-ANTISPAM-VOTING-LINKS
Teach CanIt if this mail (ID 484260817) is spam: Spam: https://antispam.osu.edu/b.php?c=s&i=484260817&m=32b41e7fbde7 Not spam: https://antispam.osu.edu/b.php?c=n&i=484260817&m=32b41e7fbde7 Forget vote: https://antispam.osu.edu/b.php?c=f&i=484260817&m=32b41e7fbde7
END-ANTISPAM-VOTING-LINKS
Melinda Gilmore wrote:
You don't need a password to unsubscribe. You only need a password to unsubscribe without responding to a confirmation email.
Here you are talking about list admin and/or moderator passwords, not user passwords. User passwords are in fact kept in the list's configuration file in plain text and can be 'looked up', although not conveniently. You are correct that the list's admin and moderator passwords are encrypted and cannot be retrieved in plain text. I know of no way to avoid the problem you describe above in current Mailman.
If I were in your position, I would just ask one of the other admins for the password.
Note, that you also have the issue that one admin who knows the password can change it and lock out the other admins.
This will all change in Mailman 3, but not before. The plan for Mailman 3 is to have a user database separate from the lists. Each user will have a password (or possibly other authentication method) and roles such as owner of list1, moderator of list2, member of list1, list2, list3, list4.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Melinda Gilmore wrote:
Does anyone know of a mailman addon that will disable user passwords.
Disable in what sense? In the sense of allowing anyone to change a user's options or visit private archives without any form of authentication, or with some authentication method other than a password? If that's what you mean, then I'm not aware of anything.
If you just mean not telling users about the password and not sending reminders, you can set a list to not send reminders (General Options->send_reminders), and you can edit the list welcome message and listinfo templates to remove the password references.
Does anyone know if this issues was resolved in 2.1
I don't understand what 'resolution' you're looking for.
Have you seen <http://www.list.org/mailman-member/index.html>?
If you are asking why there is a password, the password is required to authenticate the user before allowing the user to change her subscription options via web or email, obtain a private roster available to list members via web or email or view private archives.
If the user doesn't want to do any of these things, she doesn't need to know a password.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
I am sorry I was not very clear. One of our issues is the password needed for user to unsubscribe. It will be a big change at this time from what we are using (Listproc). Someone seems to think there is some addon that will disable this?
The other issue is that we are used to being able to look at the config file and see the password. The complication is that multiple list owners share a single administrator password --so if one owner forgets the passwored, if we can't look it up for them, then a reset would cause every other owner on the list to NOT know the current password.
-----Original Message----- From: Mark Sapiro [mailto:mark@msapiro.net] Sent: Monday, November 26, 2007 3:53 PM To: Melinda Gilmore; mailman-users@python.org Subject: Re: [Mailman-Users] Password addon
Melinda Gilmore wrote:
Does anyone know of a mailman addon that will disable user passwords.
Disable in what sense? In the sense of allowing anyone to change a user's options or visit private archives without any form of authentication, or with some authentication method other than a password? If that's what you mean, then I'm not aware of anything.
If you just mean not telling users about the password and not sending reminders, you can set a list to not send reminders (General Options->send_reminders), and you can edit the list welcome message and listinfo templates to remove the password references.
Does anyone know if this issues was resolved in 2.1
I don't understand what 'resolution' you're looking for.
Have you seen <http://www.list.org/mailman-member/index.html>?
If you are asking why there is a password, the password is required to authenticate the user before allowing the user to change her subscription options via web or email, obtain a private roster available to list members via web or email or view private archives.
If the user doesn't want to do any of these things, she doesn't need to know a password.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
-- BEGIN-ANTISPAM-VOTING-LINKS
Teach CanIt if this mail (ID 484260817) is spam: Spam: https://antispam.osu.edu/b.php?c=s&i=484260817&m=32b41e7fbde7 Not spam: https://antispam.osu.edu/b.php?c=n&i=484260817&m=32b41e7fbde7 Forget vote: https://antispam.osu.edu/b.php?c=f&i=484260817&m=32b41e7fbde7
END-ANTISPAM-VOTING-LINKS
Melinda Gilmore wrote:
You don't need a password to unsubscribe. You only need a password to unsubscribe without responding to a confirmation email.
Here you are talking about list admin and/or moderator passwords, not user passwords. User passwords are in fact kept in the list's configuration file in plain text and can be 'looked up', although not conveniently. You are correct that the list's admin and moderator passwords are encrypted and cannot be retrieved in plain text. I know of no way to avoid the problem you describe above in current Mailman.
If I were in your position, I would just ask one of the other admins for the password.
Note, that you also have the issue that one admin who knows the password can change it and lock out the other admins.
This will all change in Mailman 3, but not before. The plan for Mailman 3 is to have a user database separate from the lists. Each user will have a password (or possibly other authentication method) and roles such as owner of list1, moderator of list2, member of list1, list2, list3, list4.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (2)
-
Mark Sapiro -
Melinda Gilmore