I know that currently, mailman roles are set up such that the roles themselves have a shared password per role. I want to be able to move away from that model and have roles assigned to individual user accounts that would allow access to the admin interfaces for individual lists.
For example, say we have mail lists "Campus" and "Board of Trustees". I might have roles "campus_moderators", "campus_admins", "boardoftrustees_moderators", and "boardoftrustees_admins". If I assign the role campus_admins to user "johnsmith", I would like this user to be able to access the mailman admin interface for the "Campus" list using his own credentials. Ideally, "johnsmith" would not have to present his primary credentials to the mailman interface because our institution has a web single sign-on infrastructure (Web SSO). I can take this conversation to mailman-developers if that is the more appropriate forum. Thanks, Carl Waldbieser ITS Systems Programmer Lafayette College ----- Original Message ----- From: "Andrew Stuart" <andrew.stu...@supercoders.com.au> To: "waldbiec" <waldb...@lafayette.edu> Cc: "Mailman-Users" <Mailman-Users@python.org> Sent: Monday, August 31, 2015 5:08:11 PM Subject: Re: [Mailman-Users] Pluggable authentication for Mailman web interface? Can you say more about what you are trying to achieve? There is an authenticating reverse proxy server for the Mailman REST API at https://gitlab.com/astuart/mailmania But I don’t think anyone has run it yet - it’s pretty raw, not much more than alpha but fully functional. I’m sorry but I’ve been dragged to other priorities so there’s no real documentation but I’m happy to answer any questions if you want to give it a try. This thread really should like on Mailman Developers <mailman-develop...@python.org> though. as On 27 Aug 2015, at 6:08 am, Waldbieser, Carl <waldb...@lafayette.edu> wrote: Are there any guidelines for adding authentication and /or authorization mechanisms to the Mailman web user interface? Specifically, I was wondering if there is any kind of guidance for authenticating the user via an HTTP header (e.g. HTTP_REMOTE_USER) so that an authenticating reverse proxy could be placed in front of the Mailman web interface. If there is no such built-in mechanism or pluggable mechanism, is there any kind of guidance on how the existing authentication mechanism might be replaced from a technical standpoint? Thanks, Carl Waldbieser ITS Systems Programmer Lafayette College ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/andrew.stuart%40supercoders.com.au ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
