Passwords --------- The Majordomo system implements most of its security through the use of passwords. Providing a password causes the system to bypass the normal access checks; if the password is valid and carries the proper authorizations, the action will be carried out. This enables a list owner to administer the list from various addresses and to give others administration duties simply by giving out passwords. There are various overlapping classes of passwords: *) Global passwords. These passwords are authorized to perform actions on all lists at a site. *) List passwords. These can affect only a single list. *) Master passwords. These are authorized to perform any action on the list. The global master password is allowed to perform every action on every list. *) Subsidiary passwords. The list owner (actually anyone who has the list's master password or the global master password) can create an unlimited number of passwords and authorize each to do different things. The concept of subsidiary passwords is powerful. One (or, perhaps, more than one) password can be authorized to perform subscriptions while another can bypass access restrictions on posting messages. Passwords can be authorized to do more than one thing, or to do anything except see or change any of the password. (Only the master passwords are authorized to do that.) In addition, subsidiary passwords can be bound to email addresses. This is not intended to give a large amount of additional security; email can be forged trivially and a user with a password authorized to carry out the 'alias' action can simply equate his address to one which is authorized to do some other action. Still, since the passwords themselves are hidden from view, it prevents casual password guessing. Note that master passwords cannot be bound to addresses. If this is desired, it is best to create a subsidiary password authorized to do 'ALL'. Some sites may even choose not to give master passwords to list owners. For information on how to actually set up and change passwords, see the help topics config master_password config passwords and for information on how to apply passwords, see the 'admin approve' and 'admin default' help topics (for the email interface and text parser) and the manual page for mj_shell.