[Mailman-Developers] Big checkins a'comin'!
Andrew McNamara
andrewm@connect.com.au
Thu, 15 Feb 2001 15:12:49 +1100
> JM> Might as well add code to convert the password from the
> JM> depreciated form to the current default if one of the fallback
> JM> methods succeeds, then set the fallbacks to cascade over
> JM> crypt, MD5 and plaintext. This way, you can quitely change to
> JM> a more trusted hash should your current default eventually be
> JM> broken.
>
>No can do. crypt()'s a one-way hash and Mailman doesn't store the
>cleartext password (for the list), so there's no way to recover it in
>order to convert.
You could convert on the fly: when the user validates correctly, you
temporarily have the clear-text password, and could convert it from
crypt to md5 at this point.
---
Andrew McNamara (System Architect)
connect.com.au Pty Ltd
Lvl 3, 213 Miller St, North Sydney, NSW 2060, Australia
Phone: +61 2 9409 2117, Fax: +61 2 9409 2111