On Wed, 2005-10-19 at 13:42 -0400, JOSEPH DAMICO wrote: > (a) We would like to have Mailman interface with our Kerberos system...
hmm... thinking about this a bit more, while getting mailman to authenticate with kerberos wouldn't be hard you're going to run into some other nasty problems you can't ignore 1) The web pages will prompt for credentials, you do not want this because kerberos is a single signon system (SSO). You would want to remove this prompting, that is a larger task. But you may need to retain it for users not your kerberos realm, but see points 2 and 3. 2) You will be dependent on external mechanisms for ticket generation. That may or may not play well for your mailman user community. For example if I'm trying to access mailman remotely via the web how would I establish a ticket? 3) Unless you force all your mailman URL's to use SSL (TLS) and you allow password entry you will have exposed a very critical password to the world, potentially the kerberos passwords of your entire user community. Mailman currently transmits passwords in the clear in many circumstances, the only reason this has not become more of an issue is because user's are encouraged not to use an important password for mailman. -- John Dennis <[EMAIL PROTECTED]> ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp