[Mailman-Users] password management
Alain Williams
addw at phcomp.co.uk
Tue Oct 17 21:21:12 CEST 2006
On Tue, Oct 17, 2006 at 12:55:52PM -0500, Patrick Bogen wrote:
> On 10/17/06, Melinda <gilmore.126 at osu.edu> wrote:
> > Has anyone come up with a good management for passwords. We are about to
> > introduce Mailman to the university and many are concerned about password
> > management and generating a lot of helpdesk calls. We currently are running
> > Listproc on a Solaris. We want to move to Mailman on a RedHat Linux box.
> > Any pointers would be much appreciated. I am also new to this world.
>
> Are you concerned about the mailman passwords?
>
> These passwords are generally understood to be low-security; they are,
> in fact, re-emailed periodically (if enabled), in plaintext; and since
> email is largely unencrypted during transport, this makes such emails
> vulnerable to sniffing attacks.
That is not the point. The problems are:
* that mailman passwords are locked away in Python pickles ... this makes
  them difficult to access/maintain through scripts written in other
  languages.
* if you are subscribed to several lists, then you have a different password
  for each list, or you need to change each of them every time that
  you change.
> With all that in mind, mailman passwords shouldn't be used for
> anything other than mailman. Even in mailman, they're largely
> 'unimportant,' and provide only an additional layer of security where
> most MLMs have no security (e.g., with mailman, you give an email AND
> its password to unsubscribe. Most other MLMs give only the email.)
No: they are not meant to be high security, but it would be nice to
use the same one as with various other services on the same box.
--
Alain Williams
Parliament Hill Computers Ltd.
Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
#include <std_disclaimer.h>