Your message dated Sat, 23 May 2009 21:09:25 +0200
with message-id <[email protected]>
and subject line Re: Bug#275147: sympa: Inconsistency "mail me my passwd" vs.
authentification itself.
has caused the Debian Bug report #275147,
regarding sympa: Inconsistency "mail me my passwd" vs. authentification itself.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
275147: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=275147
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sympa
Version: 4.1.2-1
Severity: minor
This is related to bug 275055, i.e.,
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=275055 .
As reported in that bug, I had an initial misconfiguration so that no
authentification was possible through the web interface. My
/etc/sympa/auth.conf existed, but consisted of comments only.
However, that same web interface would still happily mail passwords to Sympa
users, even though, with such passwords, they still could not get in.
My impression is, the code that mails out passwords has a fallback to use
database table authentication, i.e., "user_table", if nothing has been
configured. On the other hand, the code that actually checks the
authentification does not (or does no longer) have such a fallback. So the two
are inconsistent in that respect.
In my opinion, treatment should be consistent.
Personally, I would prefer no fallback in either case. Also, I would consider
the following helpfull: Both pieces of code should log a message, when a
(questionable) sympa configuration results in no authentification whatsoever.
Regards, and thank you for providing fine software
Andreas
--
Dr. Andreas Krüger, [email protected]
GPG/PGP Fingerprint 8063 4A9B 362D 4220 A546 14C1 EA19 AADC FD44 5EB7
DV-RATIO Nordwest GmbH, Tel.: +49 211 577 996-0, Fax: +49 211 559 1617
Leostraße 31, 40545 Düsseldorf, Germany
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Hi,
This is a four years old bug and the submitter can't help us to fix it
as he stopped using sympa. Hence i'm closing the bug.
Feel free to reopen it if necessary.
Regards,
--
Emmanuel Bouthenot
--- End Message ---
