John A. Martin
jam at jamux.com
Mon Nov 29 15:09:03 CET 1999
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Chris" == Christopher Lindsey
>>>>> "Re: [Mailman-Users] Cookies"
>>>>> Mon, 29 Nov 1999 00:31:29 -0600 (CST)
>> that states "we don't do cookies"?
Chris> allows cookies for mailing list usage only.
Chris> However, if the company/organization is too bloated or
Chris> bureaucratic to get this done in any reasonable amount of
Chris> time, not much with the current code.
that says, in effect, "We do not offer nor accept cookies, if you are
asked to accept a cookie you are not connected to this site" and a
policy that says, in effect, "Trust us and anybody who may impersonate
Chris> But... Code was submitted back in July to allow .htaccess
Chris> style authentication (read "not cookies) so that we could
Chris> use our much preferred, stronger Kerberos authentication on
Chris> a secure server (single sign-on is Good).
Chris> I'll see if I can dig up the code. If you don't hear from
Chris> me in a week, ping me. Memory == sieve. :)
Thank you. That might be a great help.
Will your patch allow single sign-on without Kerberos? The
requirement is to conform to the same simple direct privacy statement
as on other web servers at the site. The mail and web server are on a
host dedicated to the mailing lists and their archives (now listproc)
which are not sensitive. Consideration is being given to using
Apache-SSL for Mailman.
The cookie business could be a killer unless it can be disabled while
awaiting a single sign-on solution.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: By Mailcrypt 3.5.4 and Gnu Privacy Guard <http://www.gnupg.org/>
-----END PGP SIGNATURE-----
More information about the Mailman-Users