I cannot think of any reason for having a null admin password. It is possible for corporate entities as Stefan mentions but even then probably very rare. If you are going to add the code to check for a null admin password, why not add an additional check to see if a new config option is set to yes - ALLOW_NULL_ADMIN_PWD. The default would be NO and for the corporate/groups/individuals that wish a null password, they can set it to YES in mm_cfg.py.
Just a thought,
Chris

Stefan Förster wrote:
> * Mark Sapiro <m...@msapiro.net>:
>
>> Mark Sapiro wrote:
>>
>>> Ulf Hofemeier wrote:
>>>
>>>> PS. if you email me, I can provide you with the URL to my MM installation.
>>>
>>> If you send it to me, I'll check it out.
>>
>> After a little off list back and forth, Ulf wrote:
>>
>>> I had no site admin password set. Setting one with mmsitepass did the
>>> trick. Thank you for pointing this out. Maybe it would be worthwhile
>>> to add a line of code that checks whether a site admin pass has been
>>> set for future versions? I tried to find a solution for my problem on
>>> your mailman-user list, but couldn't. I have a hard time believing
>>> that I'm the only one who has run into this problem though.
>>>
>>> Thank you for looking into it. Great support and I appreciate it :-)
>>
>> Not having ever set a site password should not cause this problem. If
>> the password was never set, there would be no data/adm.pw file at all
>> and authenticating the site password should fail.
>>
>> I think this issue could only occur if at some point someone actually
>> set a null site password.
>>
>> Still, it's worth fixing it so that a null password doesn't work. I
>> can't see that anyone would actually want passwordless access to the
>> admin interface except maybe in the case of a server that was not
>> exposed on the internet at all, but probably not even then.
>>
>> Does anyone need to have null passwords work in Mailman?
>
> I could only think of a corporate server, where the directories
> containing Mailman's admin interface are protected by e.g.
> Kerberos/LDAP (i.e. Active Directory).
>
> Cheers
> Stefan
> ------------------------------------------------------
> Mailman-Users mailing list
> Mailman-Users@python.org
> http://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe:
> http://mail.python.org/mailman/options/mailman-users/cnulk%40scu.edu
>
> Security Policy: http://wiki.list.org/x/QIA9
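
The check discussed in this thread, sketched as an added example; it is not part of the original messages and is not Mailman's own code. It assumes the site password file (data/adm.pw in the thread) holds a hex SHA-1 digest of the password; the function names are hypothetical, and `allow_null` stands in for the proposed ALLOW_NULL_ADMIN_PWD option.

```python
import hashlib
import hmac
import os

# Assumption: the password file stores hex SHA-1 of the password. SHA-1 is
# used here only to match that assumed format, not as a recommendation.
NULL_DIGEST = hashlib.sha1(b"").hexdigest().encode("ascii")


def _norm(stored):
    """Normalise file contents (trailing newline, case) to bytes."""
    return stored.strip().lower().encode("utf-8")


def is_null_password_digest(stored):
    """True if the stored digest is the digest of the empty password."""
    return stored is not None and hmac.compare_digest(_norm(stored), NULL_DIGEST)


def check_site_password(response, stored, allow_null=False):
    """Authenticate `response` against the stored digest.

    stored     -- contents of the password file, or None if it does not exist
    allow_null -- proposed ALLOW_NULL_ADMIN_PWD option; default is NO
    """
    if stored is None:
        return False  # password never set: authentication must fail
    if not allow_null and (response == "" or is_null_password_digest(stored)):
        return False  # refuse empty credentials and a stored null password
    challenge = hashlib.sha1(response.encode("utf-8")).hexdigest().encode("ascii")
    return hmac.compare_digest(challenge, _norm(stored))


def audit_password_file(path):
    """Classify a password file as 'missing', 'null' or 'set'."""
    if not os.path.exists(path):
        return "missing"
    with open(path) as fp:
        return "null" if is_null_password_digest(fp.read()) else "set"
```

Running `audit_password_file` against an existing installation reports whether a null site password was set at some point, which is the condition Mark describes.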