* Mark Sapiro <m...@msapiro.net>: > Mark Sapiro wrote: > > >Ulf Hofemeier wrote: > >> > >>PS. if you email me, I can provide you with the URL to my MM installation. > > > > > >If you send it to me, I'll check it out. > > > After a little off list back and forth, Ulf wrote: > > >I had no site admin password set. Setting one with mmsitepass did the > >trick. Thank you for pointing this out. Maybe it would be worthwhile > >to add a line of code that checks whether a site admin pass has been > >set for future versions? I tried to find a solution for my problem on > >your mailman-user list, but couldn't. I have a hard time believing > >that I'm the only one who has run into this problem though. > > > >Thank you for looking into it. Great support and I appreciate it :-) > > > Not having ever set a site password should not cause this problem. If > the password was never set, there would be no data/adm.pw file at all > and authenticating the site password should fail. > > I think this issue could only occur if at some point someone actually > set a null site password. > > Still, it's worth fixing it so that a null password doesn't work. I > can't see that anyone would actually want passwordless access to the > admin interface except maybe in the case of a server that was not > exposed on the internet al all, but probably not even then. > > Does anyone need to have null passwords work in Mailman?
I could only think of a corporate server, where the directories containing Mailman's admin interface are protected by e.g. Kerberos/LDAP (i.e. Active Directory). Cheers Stefan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
