Great Circle Associates Majordomo-Users
(November 1997)
 


Subject: Bug/misfeature in 'passwd' command
From: "Bernie Cosell" <bernie @ fantasyfarm . com>
Organization: Roanoke Electronic Village
Date: Fri, 14 Nov 1997 10:49:54 -0500
To: majordomo-users @ GreatCircle . COM
Cc: bernie @ rev . net
Comments: Authenticated sender is <cosell@[165.166.123.19]>
Reply-to: bernie @ rev . net

I'm just getting majordomo [1.94.4] set up and it seems to be running 
fine, but I've run into what I think is a bug [or at least a 
misfeature] in the 'passwd' command.

I understand about the three passwords [site admin, list admin, list 
moderator], but it seems wrong to me to allow the list admin to 
change the site admin's password.  It'd make more sense if the 
'passwd' command ONLY authenticated with the .passwd password and NOT 
the .config password.  It seems to defeat the intent of the site 
password if the list admin can change it out from underneath the site 
administrator, no?  Also, I'm looking ahead for the potential for 
confusion as we get less-experienced folk administering lists: if 
they change their password using 'passwd' [which is a BUNCH easier 
than using 'config'], if they later do a config they'll see their old 
password [and indeed, they'll discover [perhaps to their dismay] that 
'passwd' *didn't* undo permitting access via their old password].

It looks like it is hard to hack majordomo to have passwd only use 
the .passwd password [since the authentication is done in a single 
subroutine that checks both places... I'd have to provide a separate 
authentication routine just for the passwd command], so what I'm 
thinking of doing is -removing- the section of the list-owners-info 
doc that even mentions the passwd command and also editing it out of my 
copy of majordomo.  Is this a crazy thing to do?  Am I somehow 
missing the obvious?

Thanks!
  /Bernie\
-- 
Bernie Cosell                        bernie@rev.net
Roanoke Electronic Village
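
Added example, not part of the original message and not Majordomo source code: a simplified Perl model of the behaviour the post describes, with one routine that accepts either stored password next to a stricter check used only for 'passwd'. The hash keys, subroutine names and password strings are constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration: a simplified model, not Majordomo source code.
use strict;
use warnings;

# Constructed sample data: one list with a password in each store.
my %list = (
    passwd_file  => 'site-secret',   # stands in for <list>.passwd
    config_admin => 'owner-secret',  # stands in for the password in <list>.config
);

# Behaviour described in the post: one routine that checks both places.
sub valid_either {
    my ($l, $pw) = @_;
    return $pw eq $l->{passwd_file} || $pw eq $l->{config_admin};
}

# Stricter check for 'passwd' only: the .passwd password and nothing else.
sub valid_passwd_file_only {
    my ($l, $pw) = @_;
    return $pw eq $l->{passwd_file};
}

# Model of 'passwd <list> <old> <new>': rewrites only the .passwd store.
sub cmd_passwd {
    my ($l, $auth, $old, $new) = @_;
    return 0 unless $auth->($l, $old);
    $l->{passwd_file} = $new;
    return 1;
}

my %shared = %list;   # copy used with the shared check
my %split  = %list;   # copy used with the passwd-only check

# 1. With the shared routine, the .config password is enough to replace the .passwd one.
printf "shared check, config password changes .passwd: %s\n",
    cmd_passwd(\%shared, \&valid_either, 'owner-secret', 'new-secret') ? 'allowed' : 'refused';

# 2. The old .config password still authenticates after the change.
printf "shared check, old config password still valid: %s\n",
    valid_either(\%shared, 'owner-secret') ? 'yes' : 'no';

# 3. With the passwd-only routine the same request is refused.
printf "split check, config password changes .passwd: %s\n",
    cmd_passwd(\%split, \&valid_passwd_file_only, 'owner-secret', 'new-secret') ? 'allowed' : 'refused';
```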

