Quoting Barry Warsaw ([EMAIL PROTECTED]):
> Correct. Mailman does not encrypt or hash member passwords, and they > are stored in the clear in the config.pck file (this is actually not > good, but it's the way it is). Owner and moderator passwords are > generally hashed, typically these days with sha1. I have no idea where > your passwords are getting changed. Gotcha. I believe that's where I was drawing my erroneous conclusions from. I only have information about my own passwords, and they are clearly encrypted since I know what the values are. My own accounts are ALSO all either owners or moderators, so that explains it perfectly. The rest of the users passwords were either values I could recognize and therefore were cleartext passwords or random strings, and it's impossible to tell whether those are encrypted or just random by simply looking at them. I now assume they are random. Thanks for the information! I did see the references to the sha1 encryption in the code, further drawing me down the wrong path. Case closed... dave _______________________________________________ Mailman-Developers mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
