[Mailman-Developers] User-centric authentication and access control

Waldbieser, Carl waldbiec at lafayette.edu
Wed Sep 2 03:02:00 CEST 2015


I am currently using Mailman 2.
If Mailman 3 provides the features I am interested in, that would be great, provided there is some kind of well-defined upgrade path.

I am a bit confused as to what the various components in Mailman 3 are.  Is the web interface to Mailman 3 based on Django?  Is that Postorius?
And if Django allows you to do user management, where does Mailmania fit into that landscape?

Would I be correct in assuming that if I wanted to use, say, CAS authentication for Mailman 3, I could just use a Django middleware like this?

    https://bitbucket.org/cpcc/django-cas/overview

Thanks,
Carl

----- Original Message -----
From: "Simon Hanna" <simon.hanna at serve-me.info>
To: "waldbiec" <waldbiec at lafayette.edu>
Cc: "mailman-developers" <mailman-developers at python.org>
Sent: Tuesday, September 1, 2015 5:14:08 PM
Subject: Re: [Mailman-Developers] User-centric authentication and access control

On Tue, Sep 01, 2015 at 11:15:47AM -0400, Waldbieser, Carl wrote:
> I know that currently, mailman roles are set up such that the roles themselves have a shared password per role.  I want to be able to move away from that model and have roles assigned to individual user accounts that would allow access to the admin interfaces for individual lists.
> 
> For example, say we have mail lists "Campus" and "Board of Trustees".  I might have roles "campus_moderators", "campus_admins", "boardoftrustees_moderators", and "boardoftrustees_admins".
> If I assign the role campus_admins to user "johnsmith", I would like this user to be able to access the mailman admin interface for the "Campus" list using his own credentials.  Ideally, "johnsmith" would not have to present his primary credentials to the mailman interface because our institution has a web single sign-on infrastructure (Web SSO).
> 
> I would like to actually move the authentication and role management *outside* of mailman and have the administrative interface consume the role based information from external sources (e.g. LDAP, CAS or SAML2 attribute release), so I am looking for a more "pluggable" authentication and access management architecture.
> 
> Does anything like this exist for Mailman, or is it on the roadmap?  Are there technical guidelines for how one might contribute toward something like this?

Are you using Mailman version 2 or 3?
From your mail mentioning single moderator password, I suspect version 2.

In Postorius (Mailman 3) you can add moderators and owners,
these will have access to the administrative options.

About LDAP:
You just have to add another authentication mechanism in Django.
You will just need to provide an email address for every user.
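
An added example, not part of the thread and not Mailman or Postorius code: one way a web front end could turn externally released role names of the form used above (`campus_admins`, `boardoftrustees_moderators`) into per-list access decisions, denying by default and requiring the email address mentioned in the reply. The function names, the attribute keys (`mail`, `roles`), the mapping onto "owner"/"moderator", and the rule that an owner also gets moderator access are all assumptions.

```python
import re

# Role names follow the thread's "<list>_<suffix>" pattern; mapping the suffix
# onto Postorius-style "owner"/"moderator" roles is an assumption.
ROLE_RE = re.compile(r"^(?P<list>[a-z0-9][a-z0-9.-]*)_(?P<kind>admins|moderators)$")
KIND_TO_ROLE = {"admins": "owner", "moderators": "moderator"}


def parse_roles(role_values):
    """Return {list_name: {"owner", "moderator"}} from released role strings.

    Values that do not match the expected pattern are ignored, so an
    unexpected or malformed value can never grant access.
    """
    grants = {}
    for value in role_values or ():
        match = ROLE_RE.match(value.strip().lower())
        if match:
            grants.setdefault(match["list"], set()).add(KIND_TO_ROLE[match["kind"]])
    return grants


def build_user(attrs):
    """Build a local user record from SSO/LDAP attributes (hypothetical shape)."""
    email = (attrs.get("mail") or "").strip().lower()
    if "@" not in email:
        # The reply notes every user needs an email address; refuse otherwise.
        raise ValueError("external identity has no usable email address")
    return {"email": email, "grants": parse_roles(attrs.get("roles"))}


def can_access(user, list_name, needed):
    """Default deny; an owner is assumed to also have moderator access."""
    held = user["grants"].get(list_name.lower(), set())
    return needed in held or (needed == "moderator" and "owner" in held)


# Constructed sample attribute release for the thread's "johnsmith" user.
SAMPLE = {"mail": "johnsmith@example.edu",
          "roles": ["campus_admins", "boardoftrustees_moderators", "bogus"]}

if __name__ == "__main__":
    user = build_user(SAMPLE)
    for lst in ("campus", "boardoftrustees", "staff"):
        print(lst, {r: can_access(user, lst, r) for r in ("owner", "moderator")})
```

Recomputing the grants from the external attributes at every login, rather than storing them locally, keeps a role removal in LDAP/CAS/SAML effective at the next sign-on.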

