On 5/15/06, David Lee <[EMAIL PROTECTED]> wrote:
> List subscribers can already have passwords attached to their membership
> of a particular list, but this is (I understand) only for subscription
> maintenance, not for posting authorisation. So the concept of password
> linked to email address is already present in Mailman.
>
> It would seem reasonable to extend Mailman to have a variant of the
> "Approved:" scheme (albeit with its inherent weak authentication) in which
> the password is associated with each "permitted.poster.1" sender name
> to discriminate a real sender from the spoofer.
>
On the surface, this seems pretty reasonable. It ought to be easy to
amend the bits that checked Approved: against the moderator/admin
password to also check against the user password.
For your purposes (*all* users must include a pssword), I think, this
is trivial:
in Mailman/Handlers/Approve.py, on or about line 108, change:
if passwd is not missing and mlist.Authenticate((mm_cfg.AuthListModerator,
mm_cfg.AuthListAdmin),
passwd):
to:
--BEGIN--
if passwd is not missing and mlist.Authenticate((mm_cfg.AuthListModerator,
mm_cfg.AuthListAdmin,
mm_cfg.AuthUser),
passwd,
msg.get_sender()):
--END--
(without, of course --BEGIN-- and --END--). That said, I don't really
know Python, nor am I intimately familiar with the Mailman codebase,
so you might want to wait for someone more knowledgable to vette this
'solution.'
And, of course, when/if you upgrade, you'll need to re-do this, since
Approve.py will get overwritten.
--
- Patrick Bogen
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy:
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
