[Mailman-Users] password management

Alain Williams addw at phcomp.co.uk
Tue Oct 17 21:21:12 CEST 2006

On Tue, Oct 17, 2006 at 12:55:52PM -0500, Patrick Bogen wrote:
> On 10/17/06, Melinda <gilmore.126 at osu.edu> wrote:
> > Has anyone come up with a good management for passwords.  We are about to
> > introduce Mailman to the university and many are concerned about password
> > management and generating a lot of helpdesk calls.  We currently are running
> > Listproc on a Solaris.   We want to move to Mailman on a RedHat Linux box.
> > Any pointers would be much appreciated.   I am also new to this world.
> Are you concerned about the mailman passwords?
> These passwords are generally understood to be low-security; they are,
> in fact, re-emailed periodically (if enabled), in plaintext; and since
> email is largely unencrypted during transport, this makes such emails
> vulnerable to sniffing attacks.

That is not the point. The problems are:

* that mailman passwords are locked away in Python pickles; this makes them difficult to
  access/maintain through scripts written in other languages.
* if you are subscribed to several lists, then you have a different password
  for each list, or you need to change each of them every time that
  you change.

> With all that in mind, mailman passwords shouldn't be used for
> anything other than mailman. Even in mailman, they're largely
> 'unimportant,' and provide only an additional layer of security where
> most MLMs have no security (e.g., with mailman, you give an email AND
> its password to unsubscribe. Most other MLMs give only the email.)

No: they are not meant to be high security, but it would be nice to
use the same one as with various other services on the same box.

Alain Williams
Parliament Hill Computers Ltd.
Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256  http://www.phcomp.co.uk/

#include <std_disclaimer.h>
