Update on the mailing-lists

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hey!

Last Friday I deployed a new version of the Mailman / Postorius / HyperKitty stack on prod. There are a lot of improvements, but one of the most visible (and maybe the main reason for writing those changes) is the login system. Previously, we mainly relied on Mozilla Persona and FAS. As you may know, Persona will be shut down soon (end of November), so we can't rely on it anymore.

The new system implements more external login providers *and* local authentication, with the classical workflows (user signup, email verification, password reminders, etc). This is for people who don't have or don't want to use external login providers.

When I deployed it, I had feedback from people on the infra group that it creates another user database that isn't managed and audited as well as FAS, and that if people are willing to signup to Mailman, they might as well signup to FAS.
The problem is: former Persona users have been migrated to local accounts (because there soon won't be an external reference to point at anyway) and those people must still be able to access their accounts. They currently do that by requesting a password ("I forgot my password" process).
They can't login through another external service and just add their existing address, since it is not allowed to add an address belonging to another user.

I've thought about that over the weekend and I think we could just disable user signup by redirecting users to FAS. This way existing Persona users could still request a password and login, but the bulk of new users would just create accounts in FAS. Of course we would sill have a database with passwords for some users, but since (to my knowledge) former Persona users can't be migrated to FAS directly, I don't think we can avoid that.

For those who had nightmares for too long with the Mailman 2 plaintext password storage and fear it's coming back, rest assured that the passwords are hashed and salted by Django. There may even be pepper and garlic.
That said, security vulnerabilities in Django are always possible, but we're using the long term support release and I'm following updates.

This is what I propose changing the signup page to:
Please correct my wording if it needs to.

Thoughts, suggestions?

Aurélien
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux