[Mailman-Users] User database for htaccess

Jon Carnes jonc at haht.com
Tue Oct 9 01:19:12 CEST 2001 

> I have searched through the Mailman/Python archives and only found a
> couple references to using the same user database and some how strip from
> it the email addresses/passwords and incorporate them into a .htaccess
file
> to protect a separate directory. For instance I have a mailing list on the
> server and have several users of it. I then have a website that will be
> used by them for display of schedules and other information and want to
> protect it from outside viewers but don't want to make them sign up twice
> for something that should be able to be done once. One of the other
> references said to have a file that copies the information from the user
> database and have it run by cron maybe once or twice daily so that new
> mailing list signups will also be allowed into the directory shortly
> thereafter.
>
This is really easy... setup a cronjob to dump out the users of a list:
  ~mailman/bin/list_members mylist >/tmp/mylist_users

This will contain the list of email addresses from your list in Mailman- You
will use folks email addresses as their "username" for access to the web
site.

Since the passwords are stored in the database in text format, you can
simply go to the directory:
  ~mailman/lists/mylist
and dump it from the database.  If you don't want to mess with that, you can
easily dump it out of the strings in the database of the file config.db.
The user names are in the config.db three times.
 - The first is just a list of members of the group.
 - The second is the user followed by their passwords.
 - The third is the user followed by their options.

We want to grab the line following the second occurrence of the name.  This
line has the password on it and a separator which "strings" puts out as an
"s" followed by a return.  That isolates the password.

Once username (email address) and the password are isolated, we can create
an htaccess file usable by Apache from the Mailman database by using the
htpasswd program.

Here is an example script that should get you 9/10s of the way there:

htpasswd -cb .htaccess.new dummy at localhost.com tossaway
for i in `~mailman/bin/list_members mylist`
do
   PASS=`strings config.db |grep -i -A1 $i |head -5 |tail -1 | sed 's/s$//'
`
   htpasswd -b .htaccess.new $i $PASS
done
# replace the .htaccess.mylist file used for list users web access to this
site.
# This gets rid of the dummy line used to create the passwd file, but you
#  could just start with an empty file...
grep -v dummy at localhost.com .htaccess.new > .htaccess.mylist

Consider the above GPL'ed and provided for your amusement, etc...

You could get more sophisticated, but this will keep you Web access
synchronized with your Mailman password.  And that is a nifty thing...

Jon Carnes

More information about the Mailman-Users mailing list