No problem  with that approach. I  had planned to do  something like that
for  nodes that  change  their names  (both NADs  having  to confirm  the
command). The  only problem is  that there are  lists (the ones  with the
various high-security keywords)  for which this will not  work. To change
the AFD, password  validation is required as a rule  (the prolog-text can
contain  a  password when  LISTSERV  is  used  as  a "feed"  for  another
LISTSERV, or similar file server). If user  A has an AFD at some site, he
already has a password, so no problem.  But if he has another password at
a different site, he may need to  do the command twice, or to specify the
two passwords (as  in 'PW=myfirstpw,myotherpw,yetanotherone'). Also, user
B would need to get himself a password to confirm all of this, etc.
 
All this nonsense  is not the fault  of the user, but of  LISTSERV and of
the network (which provides near-zero  security). The problem is that the
LISTSERVs cannot  trust each other any  more than they can  trust a user.
The rule is that anything LISTSERV@A  is allowed to ask LISTSERV@B to do,
a hacker that can  fake addresses must be able to  do directly; this way,
faking the address of LISTSERV@A doesn't give him any benefit over faking
the address of his target.
 
I plan  to change  this in a  future version, but  this requires  a major
design change and it cannot be done  quickly. This is the reason why I am
delaying the implementation of this kind of things.
 
  Eric