Strange password problem
This happened several times recently with Postorius Version 1.3.8:
- I try to log in as admin
- rejected because of wrong password (password is stored in browser)
- used forgotten password function
- reset password to the stored value from browser
- login works now. Works also when logged out/in again
- however, the next day this behaviour repeats.
Any hints?
On Thu, Jun 22, 2023 at 12:34 PM Eggert Ehmke via Mailman-users < mailman-users@mailman3.org> wrote:
This happened several times recently with Postorius Version 1.3.8:
- I try to log in as admin
- rejected because of wrong password (password is stored in browser)
- used forgotten password function
- reset password to the stored value from browser
- login works now. Works also when logged out/in again
- however, the next day this behaviour repeats.
Any hints?
- You have a bug in the browser cache. Try a different browser.
- You can check also mailmanweb logs for clues??
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
There may be broken entries in my config. In web/logs/uwsgi-error.log I get:
Unknown command: 'qcluster' when the entry in uwsgi.ini is:
attach-daemon = python3 /opt/mailman/venv/lib/python3.9/site-packages/mailman_web/manage.py qcluster
When I change that line to:
attach-daemon = python3 ./manage.py qcluster
I get:
python3: can't open file '//./manage.py': [Errno 2] No such file or directory
This may be unrelated to the password problem, but this line runs every minute in the cron job.
On Thu, Jun 22, 2023 at 2:22 PM Eggert Ehmke via Mailman-users < mailman-users@mailman3.org> wrote:
There may be broken entries in my config. In web/logs/uwsgi-error.log I get:
Unknown command: 'qcluster' when the entry in uwsgi.ini is:
attach-daemon = python3 /opt/mailman/venv/lib/python3.9/site-packages/mailman_web/manage.py qcluster
When I change that line to:
attach-daemon = python3 ./manage.py qcluster
I get:
python3: can't open file '//./manage.py': [Errno 2] No such file or directory
This may be unrelated to the password problem, but this line runs every minute in the cron job.
May I kindly ask which HOWTO you followed for the installation? In my setup, I have:
# Setup the django_q related worker processes.
attach-daemon = /opt/mailman/mm/venv/bin/mailman-web cluster
In the official virtualenv documentation, the configs are as follows: https://docs.mailman3.org/en/latest/install/virtualenv.html#setting-up-a-wsgi-server
Your configuration is a bit weird.
If you follow: https://docs.mailman3.org/en/latest/install/virtualenv.html#virtualenv-install
- then we'd be talking in the same language and it'd be easier to help you out.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
Ok, I think I followed the official guide you mentioned, but obviously mixed something up. With the correct attach-daemon line it works.
I will test the password problem again, maybe it was related. Right now I can log in.
Thanks for your patience.
Sadly, I have to come back to this problem, that still bothers me. I tried to find any issues based on the old thread, to no avail. In the meantime, I even reinstalled my operating system on my desktop, reinstalled the firefox browser. I did import the passwords from the old installation.
The old problem description still applies:
- I try to log in as admin
- rejected because of wrong password (password is stored in browser)
- used forgotten password function, using my email address
- reset password to the stored value from browser
- login works now. Works also when logged out/in again
- however, the next day this behaviour repeats.
Can we try to catch this bug now, which is most likely in my configuration? Which is:
Debian 12.1 Bookworm Mailman in venv running with dedicated mailman user
Mailman works fine otherwise, the mailing lists are processed as expected.
On 9/22/23 09:50, Eggert Ehmke via Mailman-users wrote:
- I try to log in as admin
- rejected because of wrong password (password is stored in browser)
- used forgotten password function, using my email address
- reset password to the stored value from browser
- login works now. Works also when logged out/in again
- however, the next day this behaviour repeats.
So apparently the issue is that although you reset your login password to a known value, it doesn't stick and reverts overnight to some other value.
Can we try to catch this bug now, which is most likely in my configuration? Which is:
Debian 12.1 Bookworm Mailman in venv running with dedicated mailman user
Is this the Debian package or installed following https://docs.mailman3.org/en/latest/install/virtualenv.html or something else?
All I can think of is some cron may be resetting the password. If that's it, it's probably a Debian thing. Can you see if there's any cron running the Django admin changepassword command?
If you set the password with the Django admin changepassword command, does it stick?
Can you create another superuser with the Django admin createsuperuser command and does that user's password stick?
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
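One way to carry out the cron check suggested in the message above, as an added example that is not part of the thread or of Mailman itself: it parses crontab text and reports jobs that invoke a Django password-setting management command. The entry-point names `manage.py` and `django-admin` are assumptions beyond the `mailman-web` command named in the thread, and the sample crontab is constructed.

```python
import re
import shlex

# Django management subcommands that set or replace a login password.
PASSWORD_COMMANDS = {"changepassword", "createsuperuser"}
# Programs that dispatch Django management commands. mailman-web is the one
# named in this thread; manage.py and django-admin are assumed generic names.
DJANGO_ENTRYPOINTS = {"mailman-web", "manage.py", "django-admin"}

# Crontab environment assignments such as MAILTO=root are not jobs.
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")


def split_entry(line, system_format):
    """Return (user, command) for a crontab job line, or None otherwise."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_LINE.match(line):
        return None
    # "@daily"-style schedules use one field, classic schedules use five.
    n_sched = 1 if line.startswith("@") else 5
    # /etc/crontab and /etc/cron.d files carry an extra user column.
    n_lead = n_sched + (1 if system_format else 0)
    parts = line.split(None, n_lead)
    if len(parts) <= n_lead:
        return None  # malformed: no command after the schedule
    user = parts[n_sched] if system_format else None
    return user, parts[n_lead]


def find_password_jobs(crontab_text, system_format=False):
    """List (line_number, user, subcommand) for jobs that touch passwords."""
    hits = []
    for lineno, line in enumerate(crontab_text.splitlines(), 1):
        entry = split_entry(line, system_format)
        if entry is None:
            continue
        user, command = entry
        try:
            tokens = shlex.split(command)
        except ValueError:  # unbalanced quotes: fall back to a plain split
            tokens = command.split()
        # Compare on the basename so absolute and relative paths both match.
        names = [t.rsplit("/", 1)[-1] for t in tokens]
        for i, name in enumerate(names):
            if name not in DJANGO_ENTRYPOINTS:
                continue
            # The subcommand is the first non-option word after the program.
            sub = next((t for t in names[i + 1:] if not t.startswith("-")), None)
            if sub in PASSWORD_COMMANDS:
                hits.append((lineno, user, sub))
    return hits


# Constructed sample in /etc/cron.d format; the last job is the kind to find.
SAMPLE_CRON_D = """\
# constructed sample, not taken from any real host
MAILTO=root
@daily mailman /opt/mailman/venv/bin/mailman digests --periodic
* * * * * mailman /opt/mailman/venv/bin/mailman-web runjobs minutely
30 3 * * * mailman cd /opt/mailman && venv/bin/mailman-web changepassword admin
"""

if __name__ == "__main__":
    for hit in find_password_jobs(SAMPLE_CRON_D, system_format=True):
        print("line %d (user %s): %s" % hit)
```

Pass the output of `crontab -l -u mailman` with `system_format=False`, and the contents of files under `/etc/cron.d` with `system_format=True`.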
On Friday, 22 September 2023, 19:34:41 CEST, Mark Sapiro wrote:
On 9/22/23 09:50, Eggert Ehmke via Mailman-users wrote:
- I try to log in as admin
- rejected because of wrong password (password is stored in browser)
- used forgotten password function, using my email address
- reset password to the stored value from browser
- login works now. Works also when logged out/in again
- however, the next day this behaviour repeats.
So apparently the issue is that although you reset your login password to a known value, it doesn't stick and reverts overnight to some other value.
Yes, that is what it looks like.
Is this the Debian package or installed following https://docs.mailman3.org/en/latest/install/virtualenv.html or something else?
Yes it is a virtualenv installation following that guide.
All I can think of is some cron may be resetting the password. If that's it, it's probably a Debian thing. Can you see if there's any cron running the Django admin changepassword command?
Will try to find that.
If you set the password with the Django admin changepassword command, does it stick?
Never tried that, how do I do that?
Can you create another superuser with the Django admin createsuperuser command and does that user's password stick?
Will try that. So I can create another superuser? Does it need a separate email address? I guess yes
Thank you for your ideas.
On 9/22/23 11:39, Eggert Ehmke via Mailman-users wrote:
On Friday, 22 September 2023, 19:34:41 CEST, Mark Sapiro wrote:
If you set the password with the Django admin changepassword command, does it stick?
Never tried that, how do I do that?
In our recommended install, the Django admin command is mailman-web, so with your venv active,
$ mailman-web changepassword
will prompt you for a new password for the current user. If you want to change another user's password, specify that user's username as in
$ mailman-web changepassword user
Can you create another superuser with the Django admin createsuperuser command and does that user's password stick?
Will try that. So I can create another superuser? Does it need a separate email address? I guess yes
$ mailman-web createsuperuser
It will prompt for a username, email address and password. The username and email address need to be unique.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On Friday, 22 September 2023, 19:34:41 CEST, Mark Sapiro wrote:
Can you create another superuser with the Django admin createsuperuser command and does that user's password stick?
This got me on the right track. My mailman installation hosts several mailing lists that are assigned to different domains. Somehow I had created a superuser account 'admin' for each domain with different passwords. Because the browser stores the password for each domain separately, each time I log in via a different domain, I got the wrong password.
So for now I use the same password for all logins, and that works. But is that a good solution? The other option would be to assign multiple superusers for each domain, but they would still allow to log in via some other domain.
Thank you for your help!
Eggert Ehmke via Mailman-users writes:
So for now I use the same password for all logins, and that works. But is that a good solution? The other option would be to assign multiple superusers for each domain, but they would still allow to log in via some other domain.
If you own the domains, you can probably set up some sort of trivial website on each that does nothing but admin stuff, with the same database backend. Then you can have different passwords for "admin" and the browser will remember them.
Probably more tricky than it's worth.
What are you doing that requires admin privileges, but you want to authenticate separately for each domain? I ask because we've always envisioned creating a domain-level administrator role, but until now we've had no demand for it.
Steve
Dear Stephen, Eggert and everybody.
On 23/09/2023 13:02, Stephen J. Turnbull wrote:
What are you doing that requires admin privileges, but you want to authenticate separately for each domain? I ask because we've always envisioned creating a domain-level administrator role, but until now we've had no demand for it.
I could easily imagine a situation where I'd need an admin per domain:
On my server I have lists
@lists.domain1.tld @lists.domain2.tld @lists.domain3.tld
that are associated with websites
www.domain1.tld www.domain2.tld www.domain3.tld
used by separate "customers"¹ of my server. The "customers" do not know each other and might want to create additional lists in *their* domain.
Currently *I* create all lists for all my "customers", but with list-domain admins I could leave that job to the respective "customers".
Right?
Best wishes, Roland
--
¹) "customers" in quotes because they do not pay for my service.
Hello Roland,
That's exactly my situation.
Roland Miyamoto via Mailman-users writes:
I could easily imagine a situation
"Envision" = "imagine".
We have limited resources. If you don't have an actual use case, we will postpone even the discussion until someone who says "I do <this> but it sometimes screws up <that way>" comes along. If you do have a real use case with real costs, we may want to have the discussion of whether this is something we should target in the next release.
Steve
Dear Stephen and everyone,
On 23/09/2023 20:19, Stephen J. Turnbull wrote:
Roland Miyamoto via Mailman-users writes:
I could easily imagine a situation
"Envision" = "imagine".
Sure, you are right, Stephen. In my situation, it would be a nice-to-have, and I can survive without.
I appreciate your work a lot (and I mean "a lot"), and, of course, it is completely up to you and to the other developers to decide, which features to implement and which ones to postpone, or to not even consider.
I take Mailman3 "as is" and try to customise things by myself with my own (limited) resources.
So, thank you for all the good work you are offering for free, including your sedulous support, that you are providing to all of us via this mailing list!
With my kindest regards, yours, Roland
Roland Miyamoto via Mailman-users writes:
I take Mailman3 "as is"
Please don't do that ;-) (except for the NO WARRANTY part :-). We recognize that Mailman 3 is imperfect. Without user feedback, though, we have a hard time deciding what to prioritize. Let us know what you want!
and try to customise things by myself with my own (limited) resources.
If you have any good ideas that may be useful to others, feel free to post them here!
On 9/23/23 09:57, Roland Miyamoto via Mailman-users wrote:
Currently *I* create all lists for all my "customers", but with list-domain admins I could leave that job to the respective "customers".
Right?
That is currently an open issue. See https://gitlab.com/mailman/postorius/-/issues/533
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Hello Steve,
my configuration is very much like the one described by Roland.
On Saturday, 23 September 2023, 13:02:46 CEST, Stephen J. Turnbull wrote:
Eggert Ehmke via Mailman-users writes:
So for now I use the same password for all logins, and that works. But is that a good solution? The other option would be to assign multiple superusers for each domain, but they would still allow to log in via some other domain.
If you own the domains, you can probably set up some sort of trivial website on each that does nothing but admin stuff, with the same database backend. Then you can have different passwords for "admin" and the browser will remember them.
Probably more tricky than it's worth.
I have already URLS like lists.domain1.tld lists.domain2.tld ... not sure what you mean.
What are you doing that requires admin privileges, but you want to authenticate separately for each domain? I ask because we've always envisioned creating a domain-level administrator role, but until now we've had no demand for it.
I just thought it would be cleaner to have separate accounts for each list. Now I understand that the superuser has privileges on all lists.
I also have a setting so that on each URL only the lists are visible that belong to that domain. Sadly I don't remember the setting, but that works.
Cheers, Eggert
Eggert Ehmke via Mailman-users writes:
my configuration is very much like the one described by Roland.
And how much does it cost you? It doesn't sound like you're ready to use the feature at this point, but that often happens when users don't know that there's a feature they could ask for. Is there real risk that domain owners would abuse or mistakenly use site admin privileges on the whole site or on someone else's domains? Are you currently hoping to devolve domain administration to other individuals (now that you know it's probably possible with improvements to Mailman)? Do you have candidates for those domain owners in mind?
The problem on our side is that I don't know how this stuff works, and I don't know how much Mark or Abhilash knows or if they have any time to work on it. At least it's not authentication (which is a hairball I have no trouble saying "NO!!" to ;-), but authorization of roles is potentially complex and certainly risky if we get it wrong (eg, in a commercial hosting situation). So I estimate that implementing this is a significant cost for us (unless some volunteer does it, and of course we're pretty sure there will be a GSoC 2024 -- can't promise students will apply for the task, though).
I don't say that to discourage you from asking for it; please do ask unless your assessment is that the cost to you of not having the "domain admin" role is negligible. I just want to be transparent about why I'm being nosy about your process, and the kinds of things that go into our decision about what to prioritize.
Steve
I do have the exact same situation. I would love to have domain owners be able to create/manage their own lists for their respected Domain.
One problem I see with giving them site ownership: when creating a new list, not only that they could pick the wrong domain by accident, they also see all the other domains present in the installation. That would be a no-go, therefore we have to create the lists for all associations on our side.
Kind regards, Jens.
On 23.09.23 at 20:42, Stephen J. Turnbull wrote:
And how much does it cost you? It doesn't sound like you're ready to use the feature at this point, but that often happens when users don't know that there's a feature they could ask for. Is there real risk that domain owners would abuse or mistakenly use site admin privileges on the whole site or on someone else's domains? Are you currently hoping to devolve domain administration to other individuals (now that you know it's probably possible with improvements to Mailman)? Do you have candidates for those domain owners in mind?
OK, I'm convinced. No promises yet since I'm not sure of the scope of the work, but here's the issue.
Once I understand the scope and have some idea of the design I will add GSoC and other tags as appropriate.
https://gitlab.com/mailman/mailman/-/issues/1103
Jens Günther writes:
I do have the exact same situation. I would love to have domain owners be able to create/manage their own lists for their respected Domain.
One problem I see with giving them site ownership: when creating a new list, not only that they could pick the wrong domain by accident, they also see all the other domains present in the installation. That would be a no-go, therefore we have to create the lists for all associations on our side.
Kind regards, Jens.
On 9/23/23 10:55, Eggert Ehmke via Mailman-users wrote:
I also have a setting so that on each URL only the lists are visible that belong to that domain. Sadly I don't remember the setting, but that works.
That's the Django
FILTER_VHOST = True
setting.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On Saturday, 23 September 2023, 23:02:18 CEST, Mark Sapiro wrote:
On 9/23/23 10:55, Eggert Ehmke via Mailman-users wrote:
I also have a setting so that on each URL only the lists are visible that belong to that domain. Sadly I don't remember the setting, but that works.
That's the Django
FILTER_VHOST = True
setting.
That's right, I have that in my settings.py
participants (6)
- Eggert Ehmke
- Jens Günther
- Mark Sapiro
- Odhiambo Washington
- Roland Miyamoto
- Stephen J. Turnbull