[Mailman-Users] Secure server
Jon Carnes
jonc at nc.rr.com
Wed Dec 12 16:21:35 CET 2001
You can always edit out the cron job that sends passwords out... And
replace it with a script that sends out a message with a link to the
Listinfo pages of the lists that the user is subscribed to.
In this way the passwords are not sent out arbitrarily.
To get https to work for Mailman is simple. Of course that depends on you
installing an https server first (like apache-ssl). Once you have done
that, move your mailman cgi definition into the https section of the
httpd.conf file.
Viola, folks now use https to connect to your mailman install.
BTW, the passwords are stored in plain text on your server, but there is no
reason in the world that they need to be world readable. They only need to
be readable by the group "mailman". So really, there is no reason that a
user should have access the them.
Jon Carnes
On Wednesday 12 December 2001 08:54, alex wetmore wrote:
> On 12 Dec 2001, Rodolfo Pilas wrote:
> > Is there are any way to have the passoword authentication under a
> > secure server (https) ??
> >
> > Can you give me some tip?
>
> Sure, you can configure apache-ssl to do this.
>
> What would be the point though? The list still sends out plaintext
> passwords, and the passwords exist on disk in plaintext. The list
> member passwords are not meant to be secure.
>
> alex
>
>
> ------------------------------------------------------
> Mailman-Users maillist - Mailman-Users at python.org
> http://mail.python.org/mailman/listinfo/mailman-users
More information about the Mailman-Users
mailing list