[Mailman-Developers] sender-based authorisation

David Lee t.d.lee at durham.ac.uk
Fri May 19 19:15:19 CEST 2006


On Fri, 19 May 2006, Brad Knowles wrote:

> At 3:19 PM +0100 2006-05-19, David Lee wrote:
>
> >  But then the potentially useful moderation-bypass "Approved: listpw"
> >  mechanism has the problems of requiring many people to share a particular
> >  list's password,
>
> 	Yup.
>
> >                   and of the passwords across a cluster of lists having to
> >  be common.
>
> 	I'm not convinced that's necessary.  Each list could have their
> own approval password, and there is no technical reason why they
> would need to share that password with any other list.

One of our site's uses is people in the top-level management of the
university sending out an email (a few per week) to a set (order ten) of
announcement lists.  The set of lists might vary from email to email (e.g.
email-1 about exams to the all student lists; email-2 about marking to
the academic-staff list and to the secretarial list; email-3 about holiday
cover to all the staff lists).

   From: a.supremo at here.dom.ain
   To: list-1 at here.dom.ain, list-2 at here.dom.ain, ... list-10 at here.dom.ain

My understanding is that to get this email straight through using the
"Approved:" mechanism all those lists (i.e. their superset) would
currently need to share a common password.  (I haven't seen documented the
ability to have multiple one-per-list, "Approved:" lines.)

If I've misunderstood this functionality (i.e. perceived limitation)
please let me know... it's central to what I'm looking for!

And then there might be another cluster of announcement lists, say within
a particular department, with a basically different set of people who
would post, and so with a different password on their lists.  But it might
be highly desirable to permit occasional posting by a subset of the former
(top-level management) group of people.  They certainly won't want to have
to know those (different) list-based passwords for the list clusters in
and across every department!


> 	That said, there may be operational reasons why you might end up
> going down this road, such as people not being good at remembering
> large numbers of passwords.

Hence my suggestion of a person's (single) personal "sender" password into
the overall system, entitling them to send to those Mailman lists whose
"authorised_senders" includes them.  This might be viewed as (very
roughly) analogous to single sign-on.

On the big, university-wide lists, the "authorised_senders" group would
typically be the university's top-level management, and people such as
"postmaster".  On the departmental lists, "authorised_senders" might be
several (all?) staff in the department, perhaps occasional guests, and
(again) some (all?) of the university's top-level management.

Does that help?


> 	Beyond that, I'm not sure that I can contribute much of anything
> more to this discussion.

Simply sanity-checking my reasoning from your experience of mailman.
(Whether you agree is another matter!)  Until three weeks ago, I had never
run a mailman installation, so I feel like a fish almost out of water.

Thanks.  Best wishes.



-- 

:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:                                           Durham University     :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham DH1 3LE        :
:  Phone: +44 191 334 2752                  U.K.                  :
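
The personal "sender" password and per-list "authorised_senders" idea proposed in the message above, sketched as an added example; it is not part of the original post and is not Mailman code. The class and function names, the sample lists and the passwords are constructed, and it assumes the personal password arrives in an "Approved:"-style header.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # Store only a salted, slow hash of each personal password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SenderDirectory:
    """Hypothetical site-wide store: one personal password per sender."""
    def __init__(self):
        self._creds = {}  # address -> (salt, hash)

    def enroll(self, address, password):
        salt = os.urandom(16)
        self._creds[address.lower()] = (salt, _hash(password, salt))

    def verify(self, address, password):
        entry = self._creds.get(address.lower())
        if entry is None:
            return False
        salt, expected = entry
        # Constant-time comparison of the derived hashes.
        return hmac.compare_digest(_hash(password, salt), expected)

def route(directory, authorised_senders, sender, approved, recipients):
    """Decide per list: 'post' (bypass moderation) or 'hold'.

    The From: address alone proves nothing (it is forgeable); the password
    authenticates the sender once, then each list's own set authorises.
    Assumption: the header is stripped before the message is distributed.
    """
    ok = approved is not None and directory.verify(sender, approved)
    who = sender.lower()
    return {lst: "post" if ok and who in authorised_senders.get(lst, set())
            else "hold" for lst in recipients}

def demo():
    # Constructed sample data: a university-wide list and a departmental one.
    d = SenderDirectory()
    d.enroll("a.supremo@here.dom.ain", "constructed-personal-pw")
    d.enroll("j.staff@here.dom.ain", "constructed-staff-pw")
    acl = {"list-1@here.dom.ain": {"a.supremo@here.dom.ain"},
           "dept-announce@here.dom.ain": {"a.supremo@here.dom.ain",
                                          "j.staff@here.dom.ain"}}
    to = list(acl)
    return (route(d, acl, "a.supremo@here.dom.ain", "constructed-personal-pw", to),
            route(d, acl, "j.staff@here.dom.ain", "constructed-staff-pw", to),
            route(d, acl, "a.supremo@here.dom.ain", "wrong-pw", to))
```

One message to several lists is decided list by list, so no list password is shared between people or across clusters.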

