[Mailman-Users] Interface questions

John Dennis jdennis at redhat.com
Wed Oct 19 20:20:51 CEST 2005


On Wed, 2005-10-19 at 13:42 -0400, JOSEPH DAMICO wrote:

> (a) We would like to have Mailman interface with our Kerberos system...

Hmm... thinking about this a bit more, while getting mailman to
authenticate with kerberos wouldn't be hard, you're going to run into
some other nasty problems you can't ignore.

1) The web pages will prompt for credentials; you do not want this
because kerberos is a single sign-on (SSO) system. You would want to
remove this prompting, and that is a larger task. But you may need to retain
it for users not in your kerberos realm, but see points 2 and 3.

2) You will be dependent on external mechanisms for ticket generation.
That may or may not play well for your mailman user community. For
example, if I'm trying to access mailman remotely via the web, how would I
establish a ticket?

3) Unless you force all your mailman URLs to use SSL (TLS) and you
allow password entry you will have exposed a very critical password to
the world, potentially the kerberos passwords of your entire user
community. Mailman currently transmits passwords in the clear in many
circumstances; the only reason this has not become more of an issue is
because users are encouraged not to use an important password for
mailman.
-- 
John Dennis <jdennis at redhat.com>
