teach firefox that different lists may have different passwo

Bug #266465 reported by Rbcollins on 2008-08-06
This bug affects 2 people
Affects Status Importance Assigned to Milestone
GNU Mailman

Bug Description

given two lists on a mailman instance, foo and bar, each with a list
passsword the same as the name. login to one, save the password in firefox,
go to the other's admindb and it will fail - wrong password. login and ask
firefox to remember it and it resets the password saved for the list foo.

This is annoying :) I suspect you are using the same field and form names -
while I don't know what the heuristic ff uses for html auth field
detection, its certainly assuming its the *same* password.

One hack that might be elegant and work would be a hidden field called
username set to the list name :)

Another would be just changing things to ff thinks its a different password
and stores it differently.

I'd *really* love a fix that can be backported to 2.1.8 which our list
servers are running.


Mark Sapiro (msapiro) wrote :

Originator: NO

The template for the pages is admlogin.html. See
<http://wiki.list.org/x/jYA9> for ways to make an edited version of this
template. The string %(listname)s will be replaced with the list name. You
could implement your first suggestion by changing the line

      <TD><INPUT TYPE="password" NAME="adminpw" SIZE="30"></TD>


      <TD><INPUT TYPE="HIDDEN" NAME="userid" VALUE="%(listname)s">
          <INPUT TYPE="password" NAME="adminpw" SIZE="30"></TD>

Changing the name "adminpw" to something list specific as in your second
suggestion would require several code changes to identify the password.

Thorsten Glaser (mirabilos) wrote :

Would something like this work? (For the lenny version of the package though, and we’re
only about to test it.)

In the long term, I’d prefer upstream to simply rename the field and not add another
hidden one though.

Mark Sapiro (msapiro) wrote :

The patch looks like what I suggested in comment #1 based on the suggestion in the original. Whether it works or not is up to Firefox.

For the long term, the entire GUI is being redone. See <http://wiki.list.org/x/CACe>. Also, any specific admin (or list member) will have a single Mailman login which will work for all that person's defined roles, thus rendering this whole issue moot for MM 3.

Note also that for MM 2.1 there are password management plugins for Firefox that may do a better job and render this unnecessary.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers