I know that currently, mailman roles are set up such that the roles themselves have a shared password per role. I want to be able to move away from that model and have roles assigned to individual user accounts that would allow access to the admin interfaces for individual lists.

For example, say we have mail lists "Campus" and "Board of Trustees". I might have roles "campus_moderators", "campus_admins", "boardoftrustees_moderators", and "boardoftrustees_admins".
If I assign the role campus_admins to user "johnsmith", I would like this user to be able to access the mailman admin interface for the "Campus" list using his own credentials. Ideally, "johnsmith" would not have to present his primary credentials to the mailman interface because our institution has a web single sign-on infrastructure (Web SSO).

I can take this conversation to mailman-developers if that is the more appropriate forum.

Carl Waldbieser
ITS Systems Programmer
Lafayette College

----- Original Message -----
From: "Andrew Stuart" <andrew.stuart@supercoders.com.au>
To: "waldbiec" <waldbiec@lafayette.edu>
Cc: "Mailman-Users" <mailman-users@python.org>
Sent: Monday, August 31, 2015 5:08:11 PM
Subject: Re: [Mailman-Users] Pluggable authentication for Mailman web interface?

Can you say more about what you are trying to achieve?

There is an authenticating reverse proxy server for the Mailman REST API at https://gitlab.com/astuart/mailmania

But I don?t think anyone has run it yet - it?s pretty raw, not much more than alpha but fully functional.

I?m sorry but I?ve been dragged to other priorities so there?s no real documentation but I?m happy to answer any questions if you want to give it a try.

This thread really should like on Mailman Developers <mailman-developers@python.org> though.


On 27 Aug 2015, at 6:08 am, Waldbieser, Carl wrote:

Are there any guidelines for adding authentication and /or authorization mechanisms to the Mailman web user interface?
Specifically, I was wondering if there is any kind of guidance for authenticating the user via an HTTP header (e.g. HTTP_REMOTE_USER) so that an authenticating reverse proxy could be placed in front of the Mailman web interface.

If there is no such built-in mechanism or pluggable mechanism, is there any kind of guidance on how the existing authentication mechanism might be replaced from a technical standpoint?

Carl Waldbieser
ITS Systems Programmer
Lafayette College
Mailman-Users mailing list Mailman-Users at python.org
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: https://mail.python.org/mailman/options/mailman-users/andrew.stuart%40supercoders.com.au

Search Discussions

Discussion Posts

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 1 of 2 | next ›
Discussion Overview
groupmailman-users @
postedSep 1, '15 at 1:33p
activeSep 2, '15 at 12:41a

2 users in discussion

Mark Sapiro: 1 post Waldbieser, Carl: 1 post



site design / logo © 2021 Grokbase