[Mailman-Users] Interface questions
jdennis at redhat.com
Wed Oct 19 19:59:45 CEST 2005
On Wed, 2005-10-19 at 13:42 -0400, JOSEPH DAMICO wrote:
> We are considering a conversion from Listproc to Mailman. We have a few concerns, but our chief one is authentication. Here are two questions in this regard:
> (a) We would like to have Mailman interface with our Kerberos system, so that the passwords our students and faculty use for their e-mail, course logins, and almost every other authentication procedure would be the same passwords they use to access mailing lists.
> Has anyone developed a Mailman-Kerberos interface?
> (b) A number of people subscribed to our lists are from outside the university, so a Mailman-Kerberos interface would not work for them.
> Ideally, we would have users communicate with another program (such as Shibboleth). Then we would determine whether to use the Kerberos interface (for university people) or the regular Mailman password (for those non-university people) to communicate with Mailman.
> Has anyone developed a Mailman-Shibboleth interface?
To the best of my knowledge neither has been developed. However, it
isn't terribly hard and you should consider developing it yourself and
contributing the code.
Here is what you would need to do:
Mailman comes with a member adapter plugin. You would override the
method authenticateMember() to perform a authentication validation. I'm
not sure if there is an existing python module for kerberos
authentication, if not you would need to write one that checks the
user's ticket. You would also need to add some code to automatically
invoke your member adapter. You also need a method to determine if the
user is in your kerberos realm, -or- you could attempt a kerberos
authentication and if you get a "unknown principal" error attempt
authentication with your fallback mechanism.
Mailman lets its members set and get their passwords, YOU DO NOT WANT to
allow this with kerberos so you would probably also override
setMemberPassword() and getMemberPassword() to be a no-op. You would
also want to configure the site defaults to never send password
John Dennis <jdennis at redhat.com>
More information about the Mailman-Users