[Mailman-Users] sharing administrator passwords

Larry Stone lstone19 at stonejongleux.com
Thu May 29 13:35:02 CEST 2008


On 5/29/08 6:23 AM, Charles Marcus at CMarcus at Media-Brokers.com wrote:

> On 5/28/2008, Brad Knowles (brad at python.org) wrote:
>> From /usr/local/mailman/Mailman/Defaults.py:
>> 
>> # Normally when a site administrator authenticates to a web page with the
>> site
>> # password, they get a cookie which authorizes them as the list admin.  It
>> # makes me nervous to hand out site auth cookies because if this cookie is
>> # cracked or intercepted, the intruder will have access to every list on the
>> # site.  OTOH, it's dang handy to not have to re-authenticate to every list
>> on
>> # the site.  Set this value to Yes to allow site admin cookies.
>> ALLOW_SITE_ADMIN_COOKIES = No
> 
> Sorry, guess I should have looked a little closer... but thanks...
> 
> I made the change and restarted mailman, and still have to log into each
> list, so I'm guessing this only applies to new lists? I'll have to run a
> command to make it apply to existing lists?

Is your site password the same as the list admin passwords? My playing
around with the feature says the site admin password must be different from
the list admin password. Otherwise, it will be authenticated as the list
password, not the site password, and you'll need to log into the other
lists.

-- 
Larry Stone
lstone19 at stonejongleux.com
http://www.stonejongleux.com/




More information about the Mailman-Users mailing list