Questions answered by this recipe
MailmanAuth lets you use a Mailman mailing list's membership to control user authentication, without requiring any admin access to said mailing list.
When a user logs in to the wiki, MailmanAuth uses their username (email address) and password to send an HTTP POST request to the mailing list's web access, and based on the server's reply can either allow or deny access.
To install this recipe:
Where MAILMAN_URL is the mailing list root (without the trailing slash!) and LISTNAME is the name of your mailing list. For example, if you can see your list information at
To check more than one mailing list, put each on its own
What it does
Mailman takes the login information given to it and uses it to compose an HTTP POST request to view the options page for the mailing list. If the details match a user of the mailing list, the reply will include a
The following variables may be set in your config.php file to configure the way MailmanAuth works.
It should be obvious that you shouldn't use MailmanAuth if the wiki contains sensitive materials. By using MailmanAuth, you're putting your trust in a completely separate server as well as your connection to said server. If they're both on the same internal network, everything should be fine, but I'm not giving you any guarantees.
The author name is stored in plaintext a cookie in the user's browser (
Since the authentication is done using only the user's data, there's no requirement for the PmWiki maintainer to have admin access to the mailing list, or even to have any access at all.
This is an additional authentication interface to AuthUser, meaning that logins local to PmWiki will work as well. The only thing to note is that Mailman uses email addresses to identify users, so to refer to a user authenticated with MailmanAuth you'll need to use their email address as the ID.
It should take minimal work to take the structure of this recipe and use it to authenticate using any web-based access system. All you need to do is figure out the address to request and the form of the POST variables to give it. For security in the connection, use HTTPS.