GNU Mailman

Pythons with or without the crypt module (PR#51)

Bug #265217 reported by Bug Importer
2
Affects Status Importance Assigned to Milestone
GNU Mailman
Fix Released
Medium
Barry Warsaw
GNU Mailman postponed

Bug Description

Jitterbug-Id: 51
Submitted-By: <email address hidden>
Date: Thu, 3 Jun 1999 06:02:44 -0400 (EDT)
Version: 1.0rc1
OS: Solaris 2.6

When changing from a Python compiled without the "crypt" module
to a Python
compiled
with this module, all (list and site) admin passwords (which have been
encrypted
using the always-available "md5" module) stop working.

Thus, SecurityManager.ValidAdminPassword() and
SecurityManager.CheckSiteAdminPassword() probably should fall back to
"md5"
crypting
if "crypt" crypting doesn't success.

As the "crypt" module isn't always available, it doesn't make
sense to have a
fall
back the other way around -- e.g. if you have "crypt" crypted
your passwords,
you
_will_ lose if you start using a Python without the "crypt"
module.

====================================================================
Audit trail:
Fri Jul 09 18:56:04 1999 bwarsaw changed notes
Fri Jul 09 18:56:04 1999 bwarsaw moved from incoming to open

[http://sourceforge.net/tracker/index.php?func=detail&aid=214094&group_id=103&atid=100103]

Revision history for this message
Bug Importer (bug-importer) wrote :

Maybe we should just use md5 all the time since its a standard Python
module?

Revision history for this message
Barry Warsaw (barry) wrote :

Actually, Mailman should just always use md5 or sha and never use crypt.
Not important enough to change for 2.0 final.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.