[OpenID] OpenID enabled Mailman
Malveeka Tewari
malveeka at gmail.com
Tue Jun 9 11:24:18 UTC 2009
Thanks for the reply
But I am not sure I understood your suggestion about cookies entirely.
How would the administrator enable the cookie for users accounts?
I mean how do I save the cookies from session of one application and use it
for the other?
Sorry if this is a stupid question, I am only a beginner.
Thanks
Malveeka
On Tue, Jun 9, 2009 at 4:47 AM, SitG Admin
<sysadmin at shadowsinthegarden.com>wrote:
> The reason we want to implement OpenID Provider for Mailman is so that we
>> can use the single sign on for our other internal accounts like our internal
>> wiki etc.
>> We want our users to login in just their mailman account and have single
>> sign on for their other accounts.
>>
>
> If you're getting deep enough into the Mailman code and wiki code to patch
> their existing login systems with OpenID, you should be able to rig
> something much simpler with, say, just a cookie. This might lead to security
> problems if you're hosting each service on a different subdomain (with
> cookies delivered to *.domain.com) AND users get their own webspace on
> subdomains (since then users could read session cookies from other users),
> but if all the subdomains are official you should be fine :)
>
> -Shade
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090609/08c37e35/attachment.htm>
More information about the general
mailing list