[Mailman-Users] Can I enforce secure admin passwords?
Kirke Johnson
kjohnson at pcc.edu
Wed Jun 3 23:33:32 CEST 2009
We took care of the clear text transmissions, I believe. One of the
first things we did with Mailman was to make sure all web activity
uses https. Similarly, we use SSL for email server authentication and
mail transfer security.
What is bothering me is list owners who want to use their initials or
the list name as list owner passwords. I feel like kind of a sitting
duck when we can't see the passwords they have chosen and have no way
to enforce decent choices.
Thanks for your interest and thoughts as to how Mailman might be
enhanced in this area!
At 06:48 PM 6/2/2009, you wrote:
>Kirke Johnson writes:
>
> > I am concerned that list owners can put insecure admin passwords on
> > their lists. My testing suggests that short passwords are accepted as
> > well as alpha-only. The only control I have found is the length of
> > admin passwords generated by Mailman. I have not located anything
> > else that would enforce even minimal password security.
> >
> > Am I missing something here?
>
>No, except that there are other security issues with all Mailman
>passwords. Specifically, that these transactions are conducted over
>unencrypted channels anyway.
----------------------------------------------------------------------
Kirke Johnson Internet: kjohnson at pcc.edu
Email Administrator, TSS , Sylvania Campus http://www.pcc.edu/
Portland Community College, Portland, OR, USA (503) 977-4368
More information about the Mailman-Users
mailing list