Subject: The mailing list for listmasters using Sympa
List archive
- From: "Lorenz, Sabine (SCC)" <address@concealed>
- To: "address@concealed" <address@concealed>
- Subject: [sympa-users] Password-Update md5 -> bcrypt
- Date: Wed, 10 Nov 2021 15:40:40 +0000
Hello all,
I have installed Sympa version 6.2.40 on a test machine and would like to update the password hashes from md5 to bcrypt.
Since our production system has more than 100000 users, I want to precalculate the hashes as described on the https://sympa-community.github.io/manual/customize/builtin-auth.html page.
To test this, I created a config file /etc/sympa/sympa.conf.bcrypt as described and set the value for password_hash to bcrypt in this config file. I would now expect a password hash to be placed in /root/sympa.hashes when the following command is invoked:
/usr/share/sympa/bin/upgrade_sympa_password.pl --config /etc/sympa/sympa.conf.bcrypt --cache /root/sympa.hashes --noupdateuser
But this is not the case; instead, I get the following message:
~# sudo -u sympa /usr/share/sympa/bin/upgrade_sympa_password.pl --config /etc/sympa/sympa/sympa.conf.bcrypt --cache /root/sympa.hashes --noupdateuser
Recoding password using bcrypt fingerprint.
Password from address@concealed already encoded as md5 fingerprint
Found in table user 1 passwords stored using md5. Did you run Sympa before upgrading?
Updated 0 user passwords in table user_table using bcrypt hashes.
So Sympa recognizes that bcrypt is set in the config file, but still does not create a new hash for the user address@concealed, saying that this hash is already an md5 hash. Am I doing something wrong, or is there a bug in the upgrade_sympa_password.pl script?
Is it actually an alternative, if instead of upgrading all users once, I simply set the value for password_hash to 1 on the new production server (6.2.40) in the config /etc/sympa/sympa/sympa.conf (the value for password_hash_update is already set to 1 anyway) and the passwords are updated to bcrypt each time the users log in? (I don't dare to do that, because the comment for the password_hash parameter says "## Should not be changed! May invalidate all user passwords.")
Kind regards and thanks for any help, Sabine
----------
Karlsruher Institut für Technologie (KIT)
Phone: +49 721 608-28633
Registered seat of the corporation:
KIT – The Research University in the Helmholtz Association