[Mailman-Users] Secure server

Jon Carnes jonc at nc.rr.com
Wed Dec 12 16:21:35 CET 2001

You can always edit out the cron job that sends passwords out...  And 
replace it with a script that sends out a message with a link to the 
Listinfo pages of the lists that the user is subscribed to.

In this way the passwords are not sent out arbitrarily.  

To get https to work for Mailman is simple.  Of course that depends on you 
installing an https server first (like apache-ssl).  Once you have done 
that, move your mailman cgi definition into the https section of the 
httpd.conf file. 

Viola, folks now use https to connect to your mailman install.

BTW, the passwords are stored in plain text on your server, but there is no 
reason in the world that they need to be world readable.  They only need to 
be readable by the group "mailman".  So really, there is no reason that a 
user should have access the them.

Jon Carnes

On Wednesday 12 December 2001 08:54, alex wetmore wrote:
> On 12 Dec 2001, Rodolfo Pilas wrote:
> > Is there are any way to have the passoword authentication under a
> > secure server (https) ??
> >
> > Can you give me some tip?
> Sure, you can configure apache-ssl to do this.
> What would be the point though?  The list still sends out plaintext
> passwords, and the passwords exist on disk in plaintext.  The list
> member passwords are not meant to be secure.
> alex
> ------------------------------------------------------
> Mailman-Users maillist  -  Mailman-Users at python.org
> http://mail.python.org/mailman/listinfo/mailman-users

More information about the Mailman-Users mailing list