Re[2]: [Mailman-Developers] Big checkins a'comin'!
John Morton
John Morton <jwm@plain.co.nz>
Thu, 15 Feb 2001 17:50:09 +1300 (NZDT)
On Thu, 15 Feb 2001 15:12:49 +1100 Andrew McNamara <andrewm@connect.com.au>=
wrote:
> > JM> Might as well add code to convert the password from the
> > JM> depreciated form to the current default if one of the fallback
> > JM> methods succeeds, then set the fallbacks to cascade over
> > JM> crypt, MD5 and plaintext. This way, you can quitely change to
> > JM> a more trusted hash should your current default eventually be
> > JM> broken.
> >
> >No can do. crypt()'s a one-way hash and Mailman doesn't store the
> >cleartext password (for the list), so there's no way to recover it in
> >order to convert.
>=20
> You could convert on the fly: when the user validates correctly, you
> temporarily have the clear-text password, and could convert it from
> crypt to md5 at this point.
That's what I meant :-) Not my day for clarity, it seems.
John