I'm forwarding this proposal to lstsrv-l I once made to Eric. I'm not
sure if he noticed it then and I'd like your opinions. This current
password scheme is really a mess. I and Jose had to again use Xedit to try
to straighten things out and I'm still getting things rejected...
We really DON'T need any passwords in the lasting globalv's, lists etc.
Only one per one listserv which could be the same and no problems with
duplicates, missing passwords, changing etc.
 
Harri
----------------------------Original message----------------------------
 
Eric,
 
   I have had immense problems with passwords all the time culminating
on this INFO-A16 case. I see no reason why the explodes should not
work out from Harry (see the list file I sent to you).
I've tried many combinations of storing files and only once I managed
to store it using LSVPUT after recreating the list... I'm still not
sure where and how many copies of the password I should place when
replacing a file that either has or doesn't have a password. Somehow
the passwords of many lists have disappeared or not ever been assigned...
I also tried an EXPLODE on the INFO-A16 few minutes ago and the CANADA01
server complained about the wrong password... (I filled it in the JOB file :-)
   Anyway I propose a total change in the password system. Passwords should
be personal (like AFD), not listbased so that every userid would need
only one password with a single listserv and peer linked listservers would
need to know only the password for that listserv not for the list.
The passwords should be stored in a separate file from lists (as AFD
passwords) maybe along with the "user class" in relay style and they
should be changeable with a single simple command.
   This modification would enhance security because only one person needs
to know the password which can be changed with a single command whenever
the holder of the userid wishes. The current way of maintaining
and changing passwords on list is very tedious job with many files to store,
many passwords in many lasting globalv's (I use several A disks and several
accounts; I even have many UNREAD notebooks which causes some mail to be
forgotten till I use that diak as an A disk again :-( ) With personal
passwords you wouldn't need many passwords and peer linking and verification
would be much easier. When server's password changes it would be propagated
to all other servers automatically. In the change period both old and
new password conventions would be aproved and used by checking the version
from listserv names as in the case of distribute. If you want to be
extra secure when changing passwords you could use a acknowledge scheme
with a random key in the realy style again because faking both as receiving
and sending userid is bit harder. Even in that case problem could be
easily corrected by changing only that userid's password. Even the netserv
uses settable personal passwords. And of course with local users (or trusted
local nodes) you shouldn't need to use the password (I've never understood
why should I ever need to use a password to a server in the same node,
when it would be of any use the hacker would have already broken in
to my account and started using VOUCHSAF... ).
   So how about this little change to relieve us from the password mess
and hackers...
 
Harri