The mailing list for listmasters using Sympa

[address@concealed]

Steven Peterson wrote:
> address@concealed wrote:
>
> > Steven Peterson wrote:
> >
> > > We need to use a different shared secret for each robot.  I have set 
> > > the
> > > default cookie parameter in the sympa.conf file, but when I try to 
> > > set a
> > > 'cookie' parameter to the robot.conf files, I get an error saying 
> > > that 'cookie'
> > > is an unrecognized parameter.  Is there a way to have different 
> > > shared secrets
> > > for each robot?  I am using Sympa 5.3a.10.
> > >   
> >
> > That's true. It is not a pretty feature. Our plan to change this is 
> > to remove this unsafe parameter. password storage will not stay with 
> > reversible encryption but we will use only password fingerprint. In 
> > addition cookie will contain a random key stored in a session table.
> >
> > This is describe here 
> > http://www.sympa.org/wiki/dev/projet_direction#authentication_architecture 
> >
> > and  http://www.sympa.org/wiki/dev/projet_direction#sessionning
> Thanks for your response.  Are you saying that there is currently no 
> way to have different shared secrets between robots?  In other words, 
> there is only one cookie parameter for all robots?
Yes in the current version there is a single cookie parameter because 
the user email is the key in the user_table  (so there is only one 
password stored for each email where you would prefer to store a email + 
password for each robot.

Serge Aumont
> - Steve