LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: User Passwords

Matthew Black <[log in to unmask]>

Wed, 28 Nov 2012 22:27:29 +0000

text/plain (67 lines)

Sorry about the Subject: line...forgot that.

Thanks for the heads up on the USE_LDAP_PW setting. That's the behavior I expected.

We have not gone to production mode yet as we are still learning about our system and preparing migration of lists to this system.

Our user passwords are managed through Microsoft FIM, so we don't want them changing passwords within LISTSERV, as that would give them yet another PW to memorize.

The only people who MUST have access are LISTSERV site admins and list owners/moderators.

What I'm trying to figure out is whether loss of the web GUI for subscribers creates much impact/harm. If users want to unsubscribe from a list, can they simply click an HTML link in a message header/footer or will they need a password?

Thanks.

matthew black
california state university, long beach

-----Original Message-----
From: LISTSERV site administrators' forum [mailto:[log in to unmask]] On Behalf Of Ben Parker
Sent: Tuesday, November 27, 2012 10:24 PM
To: [log in to unmask]
Subject: Re: User Passwords (was: Block a user)

(please change the Subject: line when your message is not a continuation of
the current topic/thread)

On Tue, 27 Nov 2012 23:56:08 +0000, Matthew Black <[log in to unmask]>
wrote:

>Is there a way to list known users/accounts created by people who signed-up through the web interface (Register LISTSERV Password)?

Alas, no.  This information is not easily available.

>We are authenticating local users through LDAP. I am aware of the config variable LDAP_PW_ONLY, which is currently set to 0 (No). We are considering the pros and cons of disabling the registration function, because this would prevent list subscribers from managing their subscriptions through the web interface.

Actually, setting this to 1 will prevent anyone (local or outside) from
registering a personal password with LISTSERV.  Essentially this turns off
LISTSERV's internal authentication method and allows only (local) users to
authenticate and only via LDAP.  Since LISTSERV's relationship with LDAP is
read-only, users cannot create/change an LDAP password via LISTSERV.  This
must be done by other methods outside of LISTSERV.

So non local users cannot use the WWW interface for anything requiring
authetication (such as reading messages for private lists to which they are
subscribed) and also cannot even use their password with emailed commands. Any
users with passwords previously registered with LISTSERV will be immediately
invalidated since LISTSERV will no longer check their password against its
internal storage.

So consider carefully about making such a change, and be sure to give adequate
notice to all affected users.

############################

To unsubscribe from the LSTSRV-L list:
write to: mailto:[log in to unmask]
or click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1

############################

To unsubscribe from the LSTSRV-L list:
write to: mailto:[log in to unmask]
or click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM