[Mailman-Developers] config.pck password encryption inconsistencies

Dave Dewey ddewey at cyberthugs.com
Wed Dec 8 16:16:30 CET 2004

Quoting Dave Dewey (ddewey at cyberthugs.com):

> Here's the issue I can't solve.  It is clear that SOME user passwords in the
> lists' config.pck file are encrypted, and some aren't.  This is within the
> SAME config.pck, I'm only running one list.  When using 'dumpdb' to
> investigate the the users email/passwords, some of the passwords are
> definitely clear text.  However, others (including all of my own, for
> various test subscriptions) are encrypted.

More info:  it appears that only passwords that were chosen at time of
subscription are encrypted.  If a user then goes in and changes the
password, it is stored unencrypted in config.pck.


More information about the Mailman-Developers mailing list