[Mailman-Users] Using site password, can't see private roster

Barry A. Warsaw barry at zope.com
Fri Aug 3 19:23:08 CEST 2001

>>>>> "GW" == Greg Ward <gward at mems-exchange.org> writes:

    GW> We have a list ("mems-talk at mems-exchange.org") where the
    GW> subscription list is private -- for the list admin's eyes
    GW> only.  I'm not the list admin (ie. don't have the admin
    GW> password for this list), but I do have the site password -- I
    GW> can (and do!) use it to access the admin pages for this list,
    GW> ie. /mailman/admin/mems-talk.

    GW> But when I try to access the roster page,
    GW> /mailman/roster/mems-talk, (after having already authenticated
    GW> with the site password for the admin page), it tells me

    GW>   "mems-talk subscriber list requires authentication."

    GW> Huh?  Isn't the authentication I did to access admin/mems-talk
    GW> good enough?  Is this one case where the site password isn't
    GW> good enough and I need the list password?  Or is it a bug?

    GW> This is Mailman 2.0.5 under Apache 1.3.19 on Debian Linux 2.2.

I think that's correct because in MM2.0.x CheckCookie() doesn't fall
back to the site password if the list password cookie can't be found.

Note that this /does/ work in MM2.1 because the authentication context
for roster.py is AuthUser -> AuthListModerator -> AuthListAdmin ->


More information about the Mailman-Users mailing list