[Mailman-Users] force re-authentication in web UI
Devin Reade
gdr at gno.org
Fri Apr 10 17:44:13 CEST 2015
In the case where a list owner or moderator password has been
compromised, or when performing a change of owner/moderator,
one should obviously change the related passwords. However,
if a former owner/moderator (or the person who stole the password)
still has their browser open, their cookie is still valid
and they can continue to access and change the list.

I've been perusing the various docs to see if there is a method
to purge state such that web UI users are required to re-authenticate
(either globally or on a per-list basis), but cannot find anything.
Simply restarting Apache isn't sufficient (determined empirically).

Does this feature exist? If so, any pointers are appreciated.

Running mailman-2.1.16 with httpd-2.2.15.

Devin