COMMON AUTHENTICATION USING MAILMAN DATA (TESTING)

Introduction

Mailman lets users subscribe to any of the 'n' mailing lists hosted on a server. Systers is the largest community of technical women in computing, so it runs several web applications, such as a CMS, a wiki and other software that requires authentication. Mailing lists are one of the most used and preferred methods of communication in technical groups for discussion among members. Users have to subscribe to each list hosted on a server to stay updated on a particular subject or field of interest. It may not be possible to remember the username and password for every list to which you are subscribed, so why not have a common authentication system for the mailing lists, which can also be used to authenticate with the CMS and wiki?

Python OpenID

OpenID is an open standard that describes how users can be authorized in a decentralized manner, obviating the need for services to provide their own ad hoc systems and allowing users to consolidate their identities.

Python OpenID provides an implementation of the OpenID protocol written for the Python language.

Its source page is at: http://pypi.python.org/pypi/python-openid/

Python OpenID Installation

Download the Python OpenID library to use OpenID from Python.

More detailed documentation is available at:

Requirement

- Python 2.3, 2.4, or 2.5.

- ElementTree. This is included in the Python 2.5 standard library, but users of earlier versions of Python may need to install it separately.

- pycrypto, if on Python 2.3 and without /dev/urandom, or on Python 2.3 or 2.4 and you want SHA256.

Installation

Untar or unzip the source code.

Go to the base directory and do the following:

  
     python setup.py install 

Alternatively, you can install using easy_install:

     easy_install openid

Explanation for CGI and backend

Let us walk through a demo of the Common Authentication System for Systers Mailman using Mailman data. The following links point to the development server and the wiki installed to check OpenID authentication by the Systers OpenID Provider. The links are:

  • Systers OpenID Consumer - This is the OpenID Consumer, a form that asks the user to submit her OpenID identifier to be verified by the Systers OpenID Consumer.
  • Systers OpenID Provider - The main server page that handles authentication; it lets requesting consumers verify the requested identifier and use the identity for the client (consumer) if correct credentials are supplied.

New CGI included

The following new Common Gateway Interfaces (CGIs) have been included for the Common Authentication System.

  1. openidreg - The page for enabling OpenID for one of the accounts with which you are subscribed on the server; the same account is then used to log in to the Systers OpenID Provider.
  2. client - A CGI similar to 'options', where the user can edit her settings; 'client', however, can only be accessed with the username and password of the one subscribed list for which OpenID is enabled.
  3. oiduserpage - A page that links to the lists to which the user is subscribed and takes her to the 'client' page.

For now, the user needs to provide her password once to log in to 'client' and create the cookie, because work still needs to be done to reuse the cookies from the OpenID Provider after authentication.

  1. OpenidProvider - The provider that we will use as the OpenID provider. It currently needs to be run on its own, but making it work with Apache would be preferred.
  2. OpenidConsumer - Takes the identifier from the user and directs her to the OpenidProvider.

Membership Table

The Membership Table stores the listname, address and password along with other options, and supplies the data with which the OpenID Provider answers each query. The 'openid' field is a boolean that records whether the corresponding user has enabled OpenID. Ownership of this database is set to user 'mailman' with password 'mailman' on the database 'mailman_members'. You can use the following commands to create the table.

     cd /usr/local/mailman
     sudo bin/createmem_table

Schema Screen Shot

Demo, Functionality Testing for openidreg, client, OpenIDConsumer, OpenIDProvider and openiduserpage

DEMO

The demo has been set up on the development server at http://dev.systers.org/mailman/listinfo . Here is a sample of the demo, showing how I performed the testing. Initially the following lists and users were created on the development server.

  • Three lists were created, named Membership_test1, Membership_test2 and Membership_test3, with the list passwords membership1, membership2 and membership3 respectively.
  • Three users were created on the development server, named member1, member2 and member3, with the Unix passwords member1, member2 and member3 respectively.
  • User member1 is subscribed to list Membership_test1 with password 'member11', Membership_test2 (in Digest mode) with password 'member12', and Membership_test3 with password 'member13'; her email address is member1@dev.systers.org.
  • User member2 is subscribed to list Membership_test1 with password 'member21' and Membership_test2 (in Digest mode) with password 'member22'; her email address is member2@dev.systers.org.
  • User member3 is subscribed to list Membership_test1 (in Digest mode) with password 'member31'; her email address is member3@dev.systers.org.

Let us first take the case where user member1 logs in successfully without any errors.

  • Here member1 enables OpenID for the list membership_test1 by giving the username (email address) and password that she used when subscribing to membership_test1. If the username, password and chosen listname are correct, a message reporting successful completion is shown; otherwise a message asks her to give the correct username and password for the list she is choosing. member1 cannot now select a different list, as she has already chosen membership_test1 as the list with which she will log in to the Systers OpenID Provider. If she tries, she gets an error message saying that OpenID is already enabled for this username.
  • To test her common authentication, the user visits http://dev.systers.org/mailman/listinfo and, let us suppose, chooses the membership_test1 list (she can access any of the lists if she wants).
  • Instead of going through the normal login, she chooses common authentication to access all her subscribed lists. She is directed to the OpenIDConsumer, which asks for her identity; in her case this is http://dev.systers.org:8001/id/member1@dev.systers.org . The OpenIDConsumer checks whether the identifier is valid. If it is, she is directed to the OpenIDProvider, where she needs to provide the username and password of the list (membership_test1) for which she has enabled OpenID. If the username and password (member1@dev.systers.org, member11) match, she is redirected back to the OpenIDConsumer, which shows a link to proceed to http://dev.systers.org/mailman/oiduserpage/member1@dev.systers.org .
  • On the client options page she first checks her other subscribed lists; she is shown her subscribed lists, i.e. membership_test1, membership_test2 and membership_test3. She can now visit any of her lists without giving a password for each one, and is taken directly to her client options page.
  • She can edit all her options for any of her lists, as she could with the normal login. When she logs out, the session ends and she is no longer signed in for common authentication, but she is still signed in with the Systers OpenIDProvider, because the OpenID provider uses a different cookie than the one used for the 'Client' membership options.

OTHER FUNCTIONALITY CASES

Testing of the other use cases is documented at the following link: Functionality Testing

HOW IT WORKS?

Common Cookies for Common Authentication

In Mailman, normal authentication uses a key in SecurityManager of the form key = 'listname' + user, so each cookie is generated in this format for each authentication. With common authentication the key is instead something like 'string' + user, so the content used is the same and the user can log in with the same password. For this there is a separate security manager for the database called DBSecurityManager, which calls getOIDmemberpassword from DlistMemberships.
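
A minimal sketch of the cookie-key scheme described above, added here as an illustration and not taken from the Systers branch: a cookie keyed on 'listname' + user is accepted only for that list, while one keyed on a fixed string + user is accepted for the user everywhere. COMMON_SCOPE, MAX_AGE, the helper names, the sample rows and the use of HMAC-SHA256 are assumptions; oid_password is a hypothetical stand-in for getOIDmemberpassword.

```python
import hashlib
import hmac
import time

# Constructed rows modelled on the demo data: (listname, address) -> (password, openid)
MEMBERS = {
    ("membership_test1", "member1@dev.systers.org"): ("member11", True),
    ("membership_test2", "member1@dev.systers.org"): ("member12", False),
    ("membership_test1", "member2@dev.systers.org"): ("member21", False),
}
COMMON_SCOPE = "openid"  # assumed value of the fixed 'string' part of the key
MAX_AGE = 3600           # assumed cookie lifetime in seconds

def oid_password(user):
    """Hypothetical stand-in for getOIDmemberpassword: password of the one
    list on which the user enabled OpenID, or None if she enabled none."""
    for (_, address), (password, enabled) in MEMBERS.items():
        if address == user and enabled:
            return password
    return None

def cookie_key(scope, user):
    # scope is a listname (normal login) or COMMON_SCOPE (common authentication)
    return "%s+user+%s" % (scope, user.replace("@", "--at--"))

def _mac(key, issued, secret):
    msg = ("%s|%d" % (key, issued)).encode()
    return hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()

def make_cookie(scope, user, secret, now=None):
    issued = int(time.time() if now is None else now)
    key = cookie_key(scope, user)
    return key, "%d:%s" % (issued, _mac(key, issued, secret))

def check_cookie(jar, scope, user, secret, now=None):
    """True only if jar holds a fresh, untampered cookie for scope + user."""
    key = cookie_key(scope, user)
    value = jar.get(key)
    if value is None or secret is None:
        return False
    issued_s, _, mac = value.partition(":")
    try:
        issued = int(issued_s)
    except ValueError:
        return False
    if not 0 <= int(time.time() if now is None else now) - issued <= MAX_AGE:
        return False
    expected = _mac(key, issued, secret)
    return hmac.compare_digest(mac.encode(), expected.encode())
```

Because the key is part of the MAC input, a per-list cookie value copied under another list's key does not verify, and a user with no OpenID-enabled list has no secret to verify against.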

Added Functionality for the Client Memberships

The client memberships page is similar to the Options membership page, but here authentication is done through common authentication. It lets the user access all her subscribed lists and change her options for any of them without giving a password for each list. The user can also disable her Common Authentication.

Changes in the mailman_members database

Changes in the database are reflected whenever a user disables or enables her OpenID/Common Authentication. The 'openid' field is a boolean that is set to '0' or '1' when the OpenID bit is disabled or enabled. The 'password' field uses the chkpass module for PostgreSQL, which stores the password in encrypted form; whenever a user enters her password, it is checked against that stored string. For example, if the user password for member1 is 'member11', a query on the mailman_test table in the mailman_members database looks like this:

     SELECT address,password='member11' from mailman_test where address='member1@dev.systers.org' ;

If the password matches the entry, then:

              address         | ?column?
     -------------------------+----------
      member1@dev.systers.org | t

Documentation for the chkpass module for PostgreSQL: http://www.postgresql.org/docs/8.3/static/chkpass.html

The changes are reflected on both the 'Options' and 'Client' memberships pages whenever an authorized user changes her settings.

Functionality to be improved

Users need to be able to change the common authentication password, so this feature needs to be made completely functional; it works at present, but not in the manner we want. A user can also view the other members, since the Roster options let her view the other subscribers.

Complete Screen Shots

This is the set of screen shots for the work done so far: http://systers.org/systers-dev/doku.php/project:cgi-screen_shots:start

Source Code Download

To download the source code for the Common Authentication, get the code from https://code.launchpad.net/~systers-dev/systers/membership . This is still a development branch, and some features need to be added as mentioned above.

 
documentation_and_demo.txt · Last modified: 2010/08/17 05:17 by jdk2588
 