[Mailman-Users] htdig authorization problem

Sat Jan 20 03:45:06 CET 2007

I just succeeded in blowing away my spooled mail, so no longer have
what was in this thread (yes, I can look at the mailman-users archives).
Thankyew Thunderbird, which linked to my local spool instead of the 
external one it was supposed to.  

Getting back to the salient points:

If the htdig access ever actually worked in the private directory, 
I can't confirm reliably.  Inputs from my listers aren't sufficiently 
accurate for me to work with (this would be the third case where some of 
them thought it was working and it wasn't).  The error log indicates
failures from the time that the archives and htdig data base were built,
and are in sufficient quantity that I believe that this problem has
existed since I brought them on line.  

I have checked the problem with a Firefox 1.5.0.9, a late Mozilla build
and Netscape 4.78) ancient, but it's the Solaris 9 default).  

The Apache is 1.13.34 (Solaris 9 build).  There is a later version in 
the Solaris 9 patch cluster, but I am not going to run patching on this
box until I can finish building the Mailman installation on another box
and switch over.  I doubt that this is an Apache problem. 

The httpd.conf on this site is "right out of the Mailman install guide."
I am not using https, and all of the mailman stuff is in one directory
tree without symbolic links.  Default URL in mm_cfg.py is for the 
DNS domain being used, and I ran withlist/fix_url to point to that
domain before going on-line.  

Running with Firefox, I cleared the cache and all cookies, then retested
as a user, going from the listinfo page.  This URL is:
http://www.mercedeslist.com/mailman/listinfo/mercedes

The archives page is:
http://www.mercedeslist.com/mailman/private/mercedes/

As I have said, that directory tree is all in one place on one
filesystem.  

Running as a user, after having assured that Firefox is "cold" (cache
cleared, one cookie present), I can get an article to display through
htdig by filling in either the account name or the password.  Both are
not needed.  However, for the user account, the name or password has to
be correct.  If one of the two fields is correct, bogus information in
the other does not prevent access.  However, in true user state, one
field has to be correct.  

The cookie held by the browser does not go away, and does not appear to
be altered.  It is valid for authorization to go to the options field
without having to revalidate.

Hank

-- 
Hank van Cleef (vancleef at lostwells.net, hvanclee at nyx.net)
1986 420SEL "A stranger in paradise" (Fremont Co. Wyoming)
1986 GMC 1500 6.2 diesel pickup "Seen one, seen them all"