LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: help whith listserv users password

Tim Ramsey <[log in to unmask]>

Tue, 28 Sep 1999 15:22:05 -0500

text/plain (22 lines)

On Tue, Sep 28, 1999 at 11:45:42AM -0400, John Lyon wrote:
>They are encrypted and you can't access them. If you need to know them the
>user will have to tell you.

I don't think it's a good idea to give a false sense of security.  The
passwords are stored in plaintext in binary file(s), and are logged in
plaintext as well.

We keep reminding our users not to use the same password for Listserv that
they use for any computer account, but of course they do.  I regularly
mine the Listserv log for passwords; I add these to the dictionary that
our UNIX password change command consults for bad passwords and that we
use when we run Crack.

Which brings up yet another feature request: any plans to add hooks for
single sign-on authentication to Listserv?

Tim Ramsey / Sr. Systems Admin      [log in to unmask]    (work)
Enterprise Server Technologies      [log in to unmask]  (personal)
Computing and Network Services      (785) 532-3742 (office)
Kansas State University

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM