Our site has a Central Authentication Service (CAS) that enables single sign-on across webapps, and I've been tasked with the duty of modifying Mailman to work with that service. That way, list admins do not have to maintain separate usernames and passwords for Mailman and other webapps nor does Mailman itself have to worry about authenticating users properly.

Basically, we need to modify Mailman such that list admins are confronted with the CAS login page rather than the normal Mailman login page that asks for the list administrator password. Mailman needs to check if the admin's logged in through CAS and if not, forward them to the login page. (This is Python code that we already have written.) If the admin's logged in, then Mailman needs to allow the admin access. We also then need to change the logout so that the admin is logged out of both Mailman and CAS (which is done by simply forwarding to a URL).

What I'm having trouble with is figuring out where to stick this code! I've been looking through Mailman for a while, but the structure of the program isn't readily apparent to me. I would appreciate any pointers, advice, or war stories about how to get something like this working.

For now, we aren't worrying about the subscriber side of login until there's the capability of single user sign-on. In fact, we're planning on completely removing this feature from production. However, we may work on it, time permitting, and contribute to the project, since this sort of feature is on the todo list.

So in case my question was lost in all of that text, it basically is: where to start? What files probably need to be modified to handle this?

Thank you. I appreciate any help that I can get.

-- Michael Guo Email: michael.guo@yale.edu URL: http://michaelguo.com AIM: goorulz