[Mailman-Developers] Re: Hacking Mailman to Work with Central Authentication

[Michael Guo]

Our site has a Central Authentication Service (CAS) that enables single 
sign-on across webapps, and I've been tasked with the duty of modifying 
Mailman to work with that service. That way, list admins do not have to 
maintain separate usernames and passwords for Mailman and other webapps 
nor does Mailman itself have to worry about authenticating users properly.

Basically, we need to modify Mailman such that list admins are confronted 
with the CAS login page rather than the normal Mailman login page that 
asks for the list administrator password. Mailman needs to check if the 
admin's logged in through CAS and if not, forward them to the login page. 
(This is Python code that we already have written.) If the admin's logged 
in, then Mailman needs to allow the admin access. We also then need to 
change the logout so that the admin is logged out of both Mailman and CAS 
(which is done by simply forwarding to a URL).

What I'm having trouble with is figuring out where to stick this code! 
I've been looking through Mailman for a while, but the structure of the 
program isn't readily apparent to me. I would appreciate any pointers, 
advice, or war stories about how to get something like this working.

For now, we aren't worrying about the subscriber side of login until 
there's the capability of single user sign-on. In fact, we're planning on 
completely removing this feature from production. However, we may work on 
it, time permitting, and contribute to the project, since this sort of 
feature is on the todo list.

So in case my question was lost in all of that text, it basically is: 
where to start? What files probably need to be modified to handle this?

Thank you. I appreciate any help that I can get.

--
Michael Guo
Email: michael.guo at yale.edu
URL: http://michaelguo.com
AIM: goorulz