The mailing list for listmasters using Sympa

[Olivier Salaün - CRU <address@concealed>]

Hi Johann,

The 'cookie' parameter (in the sympa.conf file) is a salt used by Sympa 
to encrypt passwords in its database in a not prectable way. Therefore 
if you change this parameter in sympa.conf, it could existing password 
recognition.

Sympa.pl triggers this warning whenever a change of this parameter is 
detected. The cookies.history is maintained to helkp you recover a 
previous value of the cookie parameter. If you don't have it, then you 
should think about restoring your /etc/sympa.conf file.

Johann Spies wrote:

> System:  Debian woody with sympa 3.3.3-3woody2 
>
> Logrotated reported:
>
> "sympa.conf/cookie parameter has changed. You may have severe inconsitencies into password storage.  Restore previous cookie or write some tool to re-encrypt password in database and check spools contents (look at /etc/sympa/cookies.history file)" 
>
> But there is no /etc/sympa/cookies.history and /etc/sympa/cookie has not changed in the past 10 months.  
>
> Now my questions:
>
> 1. What could have triggered this warning?
> 2. How do I "restore previous cookie"?   Would copying a backup of  
> /etc/sympa/cookie to /etc/sympa be enough?
> 3. Is there a tool available to "re-encrypt password in database and  check spools 
> contents"?
>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature