Victoriano Giralt writes:
> On Fri, 23-10-2020 at 08:19 -0700, Mark Sapiro wrote:
> > This would be more difficult for Postorius/Hyperkitty because those users are Django users, but that isn't an issue for Affinity.
> All of a sudden, an idea has dawned on me ... Wouldn't it be possible for Postorius/Hyperkitty, both Django applications, to use Mailman core user model as their User model? It is just a setting for Django (AUTH_USER_MODEL).
I find the "just a setting" claim a bit implausible. I suspect a certain amount of replumbing of Postorius and HyperKitty will be necessary to get it to work.
Most important, the "AUTH_" is pretty scary. Mailman core has *no* authentication built in. It is assumed to be firewalled off from the rest of the world with only access from Postorius and HyperKitty permitted. Can you expand on how hard it would be to do this? Remember that some Mailman instances are either big targets (e.g., Apple) or require good security for content reasons (lists for doctors' patient support groups, domestic violence support groups).
This is not a great authn/authz model in the modern Internet, but as far as I can see changing it is going to be quite a lot of work, and none of us are authentication specialists (although Abhilash did study security, I don't think he specialized in authentication tech) -- providing reasonably reliable and secure authentication services, especially "social auth" (OpenAuth, OpenID etc) is an important reason we went with Django in the first place.
Steve