[Mailman-Developers] External domain web authentication

Donn Cave donn@u.washington.edu
Wed, 17 Jul 2002 15:21:18 -0700


My site (University of Washington) has a central authentication
domain, and we like to use it for everything.  I have hacked
up 2.1b2 to support external authentication, meaning that your
site-wide (UW) login ID is attached to your Mailman email addresses,
and once authenticated by our web login you're authorized to deal
with those emails.

We're getting set to use Mailman for a bunch of lists, like seriously
several thousand.   List membership varies, some are all UW (course
mailing lists), some have hardly any UW members.  Non-UW members will
not be affected, they'll use the existing password system.

UW members can use the password system too (so far, anyway), but they
will normally (we hope) use their UW web login authentication.  That's
a cookie-based central system,
http://www.washington.edu/computing/pubcookie/

I process the potential UW login prior to WebAuthenticate(), and if it
works, I can get per-list email addresses for that ID, pick the right
one for the page in question, if any, and authorize.  Or if not, go on
to WebAuthenticate() for the email and password.  If authenticated by
ID, I fill in the blanks in the listinfo page.

I have it roughly working, can't tell if anyone but me has really
even tried it yet.  So it's real early in the development cycle.
I can certainly release the code, but at this point it's more like
a bunch of hacks to support our environment, than a solution to the
general problem.  Is there anyone else out there who is doing this
kind of thing, or contemplating it?

The changes are primarily in Cgi/*.py, plus a couple of policy refinements
in MailList.py, and of course a module to handle all the new stuff and
the external database that holds the list/email data for an ID.  The
database in particular is just a stop-gap implementation.

	Donn Cave, University Computing Services, University of Washington
	donn@u.washington.edu
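
The login order described in the message above (external ID first, then the existing email and password check), as an added sketch that is not part of the original post and is not Mailman's or the author's code. All names here (`authorize`, `addresses_for`, `password_auth`, `ID_ADDRESSES`, `LISTS`) and the sample data are hypothetical, and `remote_user` is assumed to come from the web server's login module rather than from the request form.

```python
import hmac

# Constructed sample data. ID_ADDRESSES stands in for the external database
# that holds the list/email data for a site-wide login ID.
ID_ADDRESSES = {
    "jdoe": {"chem101": ["jdoe@u.example.edu"], "sailing": ["jd@home.example.net"]},
}
# Constructed list rosters: member address -> existing per-member password.
LISTS = {
    "chem101": {"jdoe@u.example.edu": "pw1", "guest@example.org": "pw2"},
    "sailing": {"jd@home.example.net": "pw3"},
}

def addresses_for(login_id, listname):
    """Addresses bound to this login ID that are still members of the list."""
    bound = ID_ADDRESSES.get(login_id, {}).get(listname, [])
    roster = LISTS.get(listname, {})
    return [a.lower() for a in bound if a.lower() in roster]

def password_auth(listname, email, password):
    """Fallback path: models the existing email-and-password check."""
    stored = LISTS.get(listname, {}).get(email.lower())
    if stored is None or password is None:
        return False
    return hmac.compare_digest(stored.encode(), password.encode())

def authorize(listname, requested_email=None, remote_user=None, password=None):
    """Return (email, method), or (None, None) when nothing authorizes.

    remote_user is assumed to be set only by the web server's login module
    after it validated the central-login cookie, never taken from form input.
    """
    if remote_user:
        owned = addresses_for(remote_user, listname)
        if requested_email is None and len(owned) == 1:
            return owned[0], "external"      # e.g. pre-filling the listinfo page
        if requested_email and requested_email.lower() in owned:
            return requested_email.lower(), "external"
    # No external login, or the ID does not own the address on this page.
    if requested_email and password_auth(listname, requested_email, password):
        return requested_email.lower(), "password"
    return None, None
```

The point to check in any such integration is the scoping: an external login authorizes only addresses bound to that ID on the list being viewed, and every other address still requires its own password.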