On Wed, 14 Feb 2001 22:59:15 -0500
Barry A Warsaw <[EMAIL PROTECTED]> wrote:
> I've thought about storing the list password in the clear. This
> would allow a mail-back option for list owners, but requires for
> stricter security in the file system (since the list passwords can
> be snooped fro
On Thu, 15 Feb 2001 15:12:49 +1100 Andrew McNamara <[EMAIL PROTECTED]> wrote:
> >JM> Might as well add code to convert the password from the
> >JM> depreciated form to the current default if one of the fallback
> >JM> methods succeeds, then set the fallbacks to cascade over
> >JM>
On Wed, 14 Feb 2001 22:59:15 -0500 Barry A. Warsaw <[EMAIL PROTECTED]> wrote:
>
> > "JM" == John Morton <[EMAIL PROTECTED]> writes:
>
> JM> Might as well add code to convert the password from the
> JM> depreciated form to the current default if one of the fallback
> JM> methods
> "AM" == Andrew McNamara <[EMAIL PROTECTED]> writes:
AM> You could convert on the fly: when the user validates
AM> correctly, you temporarily have the clear-text password, and
AM> could convert it from crypt to md5 at this point.
Good point! Dang, why didn't I think of that? :
>JM> Might as well add code to convert the password from the
>JM> depreciated form to the current default if one of the fallback
>JM> methods succeeds, then set the fallbacks to cascade over
>JM> crypt, MD5 and plaintext. This way, you can quitely change to
>JM> a more trusted
> "JM" == John Morton <[EMAIL PROTECTED]> writes:
JM> Might as well add code to convert the password from the
JM> depreciated form to the current default if one of the fallback
JM> methods succeeds, then set the fallbacks to cascade over
JM> crypt, MD5 and plaintext. This way
On Wed, 14 Feb 2001 21:57:12 -0500 Barry A. Warsaw <[EMAIL PROTECTED]> wrote:
> Hmm, other than that, there's a few more bounce detectors. Also, I'm
> ditching the crufty md5/crypt munging of passwords and opting for an
> sha1 hash always. However, to support backwards compatibility
> (i.e. the
Folks,
As you've probably guessed, I've been quite busy with other things[*]
lately. But I /have/ been working on Mailman in my spare time. I'm
now ready to check in some significant changes. They seem to work
although they've only gone through limited testing, and I have not
even converted m
