[Code] [OpenID] OpenID enabled Mailman

Malveeka Tewari malveeka at gmail.com
Mon Jun 8 08:55:53 UTC 2009


Hmm...
The reason we want to implement OpenID Provider for Mailman is so that we
can use the single sign on for our other internal accounts like our internal
wiki etc.
We want our users to log in to just their mailman account and have single
sign on for their other accounts.

Can I get pointers to any existing implementations of OpenID Provider and/or
OpenID Relying Party for Mailman or any other applications?
Also any suggestions on how to go about implementing the Provider or Relying
Party?

So how would I go about implementing the OpenID Relying Party for Mailman?

On Mon, Jun 8, 2009 at 12:34 AM, SitG Admin <sysadmin at shadowsinthegarden.com> wrote:

>> I am working on implementing openID server for the mailman setup I am
>> running.
>>
>
> As someone who has wrestled with getting an OpenID provider operative for
> all users to log into a Relying Party at the same server, let me advise you:
>
> Don't.
>
> At least, not how you're looking to do it. I appreciate the desire to
> integrate support incrementally, but if you're crunching CPU cycles and
> taking up (minimal) network bandwidth for what could be a simple login
> procedure, it's a waste of resources (and *may* expose you to DNS exploits,
> though of course anyone who can control your inner networks to that extent
> probably has full access anyway).
>
> I suggest looking into OpenID as a Relying Party, and requiring foreign
> providers as an *extra* factor of authentication; use them to expand your
> abilities so users can try biometrics/smartcards, but still ask for their
> local password before you'll let them in. That way, even if someone
> completely breaks OpenID (or compromises the foreign OP), they still won't
> be able to get in. This reduces the SSO functionality of OpenID somewhat,
> but is another way you could phase in OpenID support - if someone learned
> the local password but couldn't break biometric/smartcard protection, *they*
> wouldn't be able to get in either.
>
> -Shade
>
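
The layered check suggested in the quoted reply (the local password is still required, and a foreign OpenID provider counts only as an extra factor), shown as an added example that is not part of the original thread or of Mailman. It assumes an OpenID Relying Party library has already validated the assertion and hands over the claimed identifier; `Account`, `enroll`, `authenticate` and the sample identifiers are hypothetical names constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

PBKDF2_ROUNDS = 200_000  # constructed work factor for this example


def derive(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier for the local password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    enrolled_openid: str  # claimed identifier the user registered locally


def enroll(password: str, claimed_id: str) -> Account:
    salt = os.urandom(16)
    return Account(salt, derive(password, salt), claimed_id)


def authenticate(account: Account, password: str,
                 verified_claimed_id: Optional[str]) -> bool:
    """Grant access only when BOTH factors pass.

    verified_claimed_id is the identifier from a positive assertion that the
    RP library (assumed, not shown) has already validated; None means the
    OpenID step did not complete.
    """
    pw_ok = hmac.compare_digest(derive(password, account.salt), account.pw_hash)
    # The assertion must be for the identifier bound to THIS account, so a
    # valid login under some other identity does not count as the second factor.
    presented = (verified_claimed_id or "").encode()
    id_ok = (hmac.compare_digest(presented, account.enrolled_openid.encode())
             and bool(verified_claimed_id))
    # Both checks always run, so the result does not reveal which one failed.
    return pw_ok and id_ok


# Constructed sample account and identifiers.
ALICE = enroll("correct horse", "https://op.example/alice")
```
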