LSTOWN-L Archives

LISTSERV List Owners' Forum

Eric Thomas <[log in to unmask]>
Wed, 11 Jun 1997 09:14:57 +0200
On Wed, 11 Jun 1997 15:04:59 +1000 David M <[log in to unmask]> said:

>Yes they can have access to the resources that my password gives me but
>they should not know what my personal password is as I might use it for
>other purposes too.

I think what you meant is that you should not use your LISTSERV password
for anything else because the administrator can easily intercept and
review all incoming mail and find out what password you are using :-)
Quite a number of problems are due to people using the wrong password,
using national characters in passwords that don't arrive the way they
were sent, getting the syntax of PW= wrong, claiming they sent a password
when in fact they didn't (for instance because they thought putting it on
a line by itself after the last command was the way you do it), etc.
Debugging this with all passwords hidden from the log would be difficult.
Conversely an evil super-user who wants to listen in to some passwords
just needs to insert a little filter in the 'listserv:' entry in
/etc/aliases that appends the message to a file, and I'm sure even a
novice administrator would know how to write that program, it's probably
included in every perl book as one of the early exercises :-) Since these
passwords are sent by clear-text e-mail you're just not going to be able
to prevent administrators from finding out what they are. Maybe one day
PEM will become widely available and the whole authentication scheme will
change, but with plain text passwords sent over a medium that often
bounces stuff to the postmaster (the postmaster being usually a bored
student who figured this paid more than 7/11), you just have to accept
that security is limited. This is why there are options to disable
password usage and force the use of the "confirm" mechanism.
Alternatively if the owner is on the same side of a firewall (or on the
same machine) as LISTSERV, passwords are usually quite safe.

  Eric
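
A defender's view of the /etc/aliases point in the message above, as an added example that is not part of the original post: a Python check that parses a sendmail-style aliases file and reports any delivery target on the 'listserv' alias that is not in a known-good baseline. The sample file, all paths and the baseline are constructed assumptions, not LISTSERV's real install layout.

```python
import re

# Constructed sample of a sendmail-style aliases file; every path is hypothetical.
SAMPLE_ALIASES = '''\
# mail aliases (constructed sample)
postmaster: root
listserv: "|/opt/example/bin/filter",
    "|/opt/example/bin/listserv-deliver listserv"
'''

# Assumed baseline: the only target the listserv alias is supposed to have.
EXPECTED = {"listserv": {"|/opt/example/bin/listserv-deliver listserv"}}


def parse_aliases(text):
    """Return {alias: [targets]}, honouring comments and continuation lines."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current:  # continuation of the previous entry
            body = raw
        else:
            current, _, body = raw.partition(":")
            current = current.strip().lower()
        # Split on commas outside double quotes, then drop the quotes.
        for item in re.findall(r'"[^"]*"|[^,\s][^,]*', body):
            entries.setdefault(current, []).append(item.strip().strip('"'))
    return entries


def kind(target):
    """Classify a target by its aliases(5) prefix."""
    for prefix, name in (("|", "program"), ("/", "file"), (":include:", "include")):
        if target.startswith(prefix):
            return name
    return "address"


def audit(text, expected=EXPECTED):
    """List (alias, kind, target) for each target that is not in the baseline."""
    entries = parse_aliases(text)
    return [(alias, kind(t), t)
            for alias, allowed in expected.items()
            for t in entries.get(alias, []) if t not in allowed]


if __name__ == "__main__":
    print(audit(SAMPLE_ALIASES))
```

A check like this only helps when it is run and reviewed by someone other than the administrator being checked, which is the limit the message describes.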