[Sysadmin] changed list admin passwords
David Kaufman
david at gigawatt.com
Mon Apr 9 15:00:18 CDT 2007
David Kaufman <david at gigawatt.com> wrote:
>> Since the admin passwords for all of our lists were not exactly
>> "cryptographically secure" and were in fact, not impossible to
>> guess... I've change them all.
FYI, changing the individual lists' passwords via their respective
list-admin pages, in effect, only *adds* the new password as *one* which
will allow administration of that list. I discovered, after changing
these, that while the new password worked fine, the old password still
worked too! ...because it was the same one used as the *site* password
also. {sigh} So, for future reference (if only my own) the "site
password" cannot be changed via the mailman web-ui -- it must be changed
using the mmsitepass program in mailman's bin directory.
Mailman's authentication scheme is so weird! Whatever happened to, you
know, requiring users to have user names, for instance, eh? How about
assigning permissions to groups, and putting users into groups to
control who can do what?
This whole "what you can do is based on which password you use" of
Mailman's has always seemed to me like it was invented by 11 year
olds -- What's the magic word?
I take that back -- some 11 year olds program better than this </rant>
:-)
-dave
More information about the Sysadmin
mailing list