[Mailman-Users] x.509 cert authentication for web interface?

[Noah Meyerhans]

Hi all.  I'm wondering if anybody has devised a way to authenticate to
the admin/moderator interfaces in Mailman using browser certificates.
We try to use them to authenticate to web services wherever possible,
and have a fairly widely deployed PKI at my site.

It seems like this should be possible, but I really don't know python
and am not very familiar with Mailman's code.  We use Apache and
mod_ssl, which means that we can make a bunch of environment variables
associated with the certificates available to Mailman.  In particular,
we can find out the email address of the user.  It seems like we should
be able to look for that email address in the list of admin or moderator
addresses and consider the user to be authenticated if it's there.  The
web server is already doing the necessary work to verify that the
certificate is valid, so everything presented to Mailman should be
trustworthy.

Any help would be much appreciated.

noah

-- 
Noah Meyerhans                         System Administrator
MIT Computer Science and Artificial Intelligence Laboratory

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mail.python.org/pipermail/mailman-users/attachments/20040130/852c9623/attachment.pgp