[Mailman-Developers] Reusing mailman login/pass or cookie ?

Barry A. Warsaw barry@zope.com
Thu, 25 Oct 2001 02:12:09 -0400

>>>>> "timduru" ==   <timduru@timduru.org> writes:

    timduru> I've developped a few php scripts for the users of some
    timduru> of my lists, what I need is to have only users
    timduru> effectively subscribed and authenticated to the lists to
    timduru> be able to use the scripts.

    timduru> I also need to know what is the user's login in the php
    timduru> scripts.

    timduru> Is there a way to do that , either by reproducing the
    timduru> mailman auth process in php or by reusing the mailman
    timduru> cookie ?

    timduru> Anyone has already done that or knows of a way to do that
    timduru> ?

I'm not aware of anybody doing that, but in Mailman 2.1, you could
hook into the membership API to extract a given user's password.  In
Mailman all user passwords are kept in cleartext in the config.pck
file.  Site admin and list admin passwords are not, so that's why you
can't get a reminder for a forgotten list admin password.

You could certainly reuse the Mailman cookie code, or protocol.  See
SecurityManager.py for details of how it works.