We identify three main goals for Mailman/Moira integration: using Mailman lists in AFS ACLs, using Moira or Mailman lists as the administrator of a Mailman list, and administrating Mailman lists from the command line via tokens.
Currently, every Mailman list has a corresponding Moira list that contains firstname.lastname@example.org and can contain other entries. Our proposal is for this setup to be modified slightly. First, the AFS group bit ('blanche -G') on such lists will be set. Secondly, there will be a synchronization script that runs on the Mailman server (using the list_members command). The synchronization script would run as a cron job. When the synchronization script runs, it looks at the members of the Mailman list. For each that ends in @mit.edu or another ending where we have cross-cell authentication (@csail.mit.edu, etc.), it adds the corresponding Kerberos principal as a KERBEROS: member to the Mailman list's Moira counterpart. This allows the relevant users to have rights in ACLs without receiving the mail that would otherwise be sent to them by Moira. @mit.edu addresses that are Moira lists will be expanded as 'blanche -r'. USER: and KERBEROS: members will be added as KERBEROS: members; STRING: members will be ignored. Any KERBEROS: members previously on the Moira list other than the @mailman.mit.edu entry that are not generated by this process will be removed.
Note that the current practice of putting KERBEROS: principals on Moira lists can be maintained by creating an auxiliary Moira list containing only Kerberos principals and adding this list to the Mailman list.
If the overhead of this syncing process is nontrivial, the syncing could be enabled or disabled via a checkbox in the Mailman admin options.
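The membership rules of the synchronization script described above can be written as a pure planning function. This is an added sketch, not code from the proposal or from Mailman or Moira: the domain-to-realm mapping, the typed `TYPE:name` member form, the username pattern and the `moira_expansions` dictionary (standing in for `blanche -r` output) are assumptions, and the sample data is constructed.

```python
import re

# Assumed domain -> Kerberos realm mapping for cells with cross-cell auth.
REALMS = {"mit.edu": "ATHENA.MIT.EDU", "csail.mit.edu": "CSAIL.MIT.EDU"}
SAFE_LOCAL = re.compile(r"[a-z0-9_.-]+")  # assumed username shape; rejects '/' instances


def to_principal(member):
    """Map a typed Moira member to a KERBEROS: entry, or None to skip it."""
    kind, _, name = member.partition(":")
    if kind == "USER":
        return f"KERBEROS:{name}@{REALMS['mit.edu']}"
    if kind == "KERBEROS":
        return member
    return None  # STRING: (and anything else) is ignored


def plan_sync(mailman_members, moira_expansions, current_moira):
    """Return (to_add, to_remove) for the Mailman list's Moira counterpart.

    moira_expansions stands in for 'blanche -r' output: list name -> members.
    """
    wanted = set()
    for addr in mailman_members:
        local, _, domain = addr.strip().lower().rpartition("@")
        if domain not in REALMS or not SAFE_LOCAL.fullmatch(local):
            continue  # no cross-cell auth, or local part is not a plain username
        if domain == "mit.edu" and local in moira_expansions:
            expanded = map(to_principal, moira_expansions[local])
            wanted.update(p for p in expanded if p)
        else:
            wanted.add(f"KERBEROS:{local}@{REALMS[domain]}")
    # Only KERBEROS: entries are managed; the STRING: @mailman.mit.edu entry stays.
    current = {m for m in current_moira if m.startswith("KERBEROS:")}
    return sorted(wanted - current), sorted(current - wanted)


# Constructed sample data (not real list contents).
SAMPLE_MAILMAN = ["alice@mit.edu", "Bob@CSAIL.MIT.EDU", "carol@example.com",
                  "staff@mit.edu", "x/admin@mit.edu"]
SAMPLE_EXPANSIONS = {"staff": ["USER:dave", "KERBEROS:erin/root@ATHENA.MIT.EDU",
                               "STRING:frank@example.org"]}
SAMPLE_MOIRA = ["STRING:mylist@mailman.mit.edu", "KERBEROS:alice@ATHENA.MIT.EDU",
                "KERBEROS:mallory@ATHENA.MIT.EDU"]

if __name__ == "__main__":
    add, remove = plan_sync(SAMPLE_MAILMAN, SAMPLE_EXPANSIONS, SAMPLE_MOIRA)
    print("add:", add)
    print("remove:", remove)
```

The removal set is what revokes AFS rights when someone leaves the Mailman list, so a real script should apply removals even when there is nothing to add.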
Allowing Moira Lists to admin Mailman lists
We assume that the current certificate-based authentication for MIT's version of Mailman basically compares the email address in the user's certificate to the list of administrators, seeing if it matches any of them. We would modify this by checking if any of the administrators is an @mit.edu address that is a Moira list, and for each such list expanding it with 'blanche -r' and adding the resulting USER: and KERBEROS: members to the end of the list of valid admin users. Note that this would allow a Mailman list synced to Moira as in (1) to administer another Mailman list, or even to administer itself.
Administrating Mailman lists from the command line
We recognize that the current mmblanche implementation is not a permanent solution to command-line administration of Mailman lists. There are two reasons for this. Firstly, mmblanche uses the administrator password of the list for authentication. It should instead use tickets to authenticate via the same mechanism as the current web certs interface. Secondly, the existing mmblanche scrapes the web server to execute commands and query lists, resulting in unnecessary load and inefficiency. Both issues could be overcome relatively easily by configuring the Mailman web server to allow SPNEGO authentication, and adding to the Mailman sources an additional web interface which accepts blanche-style commands and executes them using the same backend as the existing web interface.