Skip to Content.
Sympa Menu

en - [sympa-users] Re: Re: cookie and ssl passwd crypt problem

Subject: The mailing list for listmasters using Sympa

List archive

[sympa-users] Re: Re: cookie and ssl passwd crypt problem

Chronological Thread  
    < Chronological >       < Thread >
  • From: Olivier Salaün - CRU <address@concealed>
  • To: Johan Loubser <address@concealed>
  • Cc: address@concealed
  • Subject: [sympa-users] Re: Re: cookie and ssl passwd crypt problem
  • Date: Wed, 09 May 2007 14:42:26 +0200
Johan Loubser wrote: 
On Thu, Apr 26, 2007 at 09:45:04AM +0200, Olivier Salaün - CRU wrote:
  
 You should ta care to have the same value for the sympa.conf "cookie" parameter on both servers. This parameter usages includes passwords 
 encryption/decryption. It needs to be the same value if both Sympa servers share the same password database.

 See http://www.sympa.org/wiki/manual/upgrading?s=cookie#moving_to_another_server

    ...
    the directory |/etc/sympa.conf| and |wwsympa.conf|. Sympa new installation creates a file |/etc/sympa.conf| (see sympa.conf
    parameters <http://www.sympa.org/wiki/manual/conf-parameters/index>) and randomly initializes the cookie parameter. Changing this
    parameter will break all passwords. When upgrading Sympa on a new server, take care that you start with the same value of this
    parameter, otherwise you might have problems!

 Johan Loubser wrote:
    
I have an old sympa installation on debian woody (sympa 3.3.3)

I am in proses of building a backup server(clone) with same version sympa to keep the proses going while we do a dubble upgrade on the mail server. And migrade to the latest version of sympa.

My problem at the moment on the clone server is that the  passwd is not decrypted as should when login is attemted, same is hapening if the
passwd is requested through mail. The data is in a postgres database.
      
After alot of searching i found that wwsympa is writeing the passwd back to the data base in clear text.
Thus there must be a setting that i am missing that set the passwd writing to md5

My cookie  setting is the same as on the stable running server. 
My key_passwd setting is also the same.
Your problem might be related to a missing Perl module (Crypt::CipherSaber). Sympa's bahavior is to encrypt/decrypt password if this module is installed ; if not password are stored in clear text.

Note that we will start a refactoring of user sessions management in Sympa shortly ; at this occasion we will move to non reversible storage of passwords, using MD5.

Archive powered by MHonArc 2.6.19+.

Top of Page