Jim Popovitch wrote: > >I keep seeing "Login failure with private rosters" errors in my mischief >logs. Some are accepted as being valid, but others seem to be unrelated >to private archives and more likely to be failure to login to >unsubscribe or change options. I haven't directly asked any of the >users, however I have some inside knowledge on what a few of the users >are doing since I know their email addresses are changing. That >knowledge, coupled with the fact that their particular list only has >public archives, makes me believe there may be an error in the log >message in Mailman v2.1.7. The mischief logs don't identify which list >the login failure occurs with, so it is difficult to know for sure. Has >anyone else experienced similar?
This is a normal message. It probably should specify the list but it doesn't. It has nothing to do with public/private archives. It has to do with whether the membership roster is available to anyone or not. I.e., the Privacy options...->Subscription rules->private_roster setting. If the roster is not available to anyone, we are concerned about invalid login attempts to the options page. If, for example, we just said 'invalid password' to the user who attempts to login with a bad password, someone could use that response to verify whether or not an address was subscribed to the list, thus at least partially defeating the privacy of the membership list, so we just tell the user the login is unsuccessful, but not why, and we log the event in 'mischief' in case it is really part of an attempt to probe the membership list. In most cases, these log entries are really legitimate options page login attempts by members who forgot or mistyped their password. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
