[Mailman-Users] Pluggable authentication for Mailman web interface?

Waldbieser, Carl waldbiec at lafayette.edu
Tue Sep 1 15:33:04 CEST 2015

I know that currently, mailman roles are set up such that the roles themselves have a shared password per role.  I want to be able to move away from that model and have roles assigned to individual user accounts that would allow access to the admin interfaces for individual lists.

For example, say we have mail lists "Campus" and "Board of Trustees".  I might have roles "campus_moderators", "campus_admins", "boardoftrustees_moderators", and "boardoftrustees_admins".
If I assign the role campus_admins to user "johnsmith", I would like this user to be able to access the mailman admin interface for the "Campus" list using his own credentials.  Ideally, "johnsmith" would not have to present his primary credentials to the mailman interface because our institution has a web single sign-on infrastructure (Web SSO).

I can take this conversation to mailman-developers if that is the more appropriate forum.

Carl Waldbieser
ITS Systems Programmer
Lafayette College

----- Original Message -----
From: "Andrew Stuart" <andrew.stuart at supercoders.com.au>
To: "waldbiec" <waldbiec at lafayette.edu>
Cc: "Mailman-Users" <Mailman-Users at python.org>
Sent: Monday, August 31, 2015 5:08:11 PM
Subject: Re: [Mailman-Users] Pluggable authentication for Mailman web interface?

Can you say more about what you are trying to achieve?

There is an authenticating reverse proxy server for the Mailman REST API at https://gitlab.com/astuart/mailmania

But I don’t think anyone has run it yet - it’s pretty raw, not much more than alpha but fully functional.

I’m sorry but I’ve been dragged to other priorities so there’s no real documentation but I’m happy to answer any questions if you want to give it a try.

This thread really should like on Mailman Developers <Mailman-Developers at python.org> though.


On 27 Aug 2015, at 6:08 am, Waldbieser, Carl <waldbiec at lafayette.edu> wrote:

Are there any guidelines for adding authentication and /or authorization mechanisms to the Mailman web user interface?
Specifically, I was wondering if there is any kind of guidance for authenticating the user via an HTTP header (e.g. HTTP_REMOTE_USER) so that an authenticating reverse proxy could be placed in front of the Mailman web interface.

If there is no such built-in mechanism or pluggable mechanism, is there any kind of guidance on how the existing authentication mechanism might be replaced from a technical standpoint?

Carl Waldbieser
ITS Systems Programmer
Lafayette College
Mailman-Users mailing list Mailman-Users at python.org
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: https://mail.python.org/mailman/options/mailman-users/andrew.stuart%40supercoders.com.au

More information about the Mailman-Users mailing list