en - [sympa-users] Password-Update md5 -> bcrypt

Subject: The mailing list for listmasters using Sympa

  • From: "Lorenz, Sabine (SCC)" <address@concealed>
  • To: "address@concealed" <address@concealed>
  • Subject: [sympa-users] Password-Update md5 -> bcrypt
  • Date: Wed, 10 Nov 2021 15:40:40 +0000

Hello all,

I have installed Sympa version 6.2.40 on a test machine and would like to update the password hashes from md5 to bcrypt.

Since our production system has more than 100000 users, I want to precalculate the hashes as described on the https://sympa-community.github.io/manual/customize/builtin-auth.html page.

To test this, I created a config file /etc/sympa/sympa.conf.bcrypt as described and set the value for password_hash to bcrypt in this config file.

I would now expect a password hash to be placed in /root/sympa.hashes when the following command is invoked:

/usr/share/sympa/bin/upgrade_sympa_password.pl --config /etc/sympa/sympa.conf.bcrypt --cache /root/sympa.hashes --noupdateuser

But this is not the case; instead I get the following message:

~# sudo -u sympa /usr/share/sympa/bin/upgrade_sympa_password.pl --config /etc/sympa/sympa/sympa.conf.bcrypt --cache /root/sympa.hashes --noupdateuser
Recoding password using bcrypt fingerprint.
Password from address@concealed already encoded as md5 fingerprint
Found in table user 1 passwords stored using md5. Did you run Sympa before upgrading?
Updated 0 user passwords in table user_table using bcrypt hashes.

So Sympa recognizes that bcrypt is set in the config file, but still does not create a new hash for the user address@concealed, saying that this hash is already an md5 hash.

Am I doing something wrong or is there a bug in the upgrade_sympa_password.pl script?

Is it actually an alternative if, instead of upgrading all users once, I simply set the value for password_hash to 1 on the new production server (6.2.40) in the config /etc/sympa/sympa/sympa.conf (the value for password_hash_update is already set to 1 anyway) and the passwords are updated to bcrypt each time the users log in?

(I don't dare to do that, because the comment for the password_hash parameter says "## Should not be changed! May invalidate all user passwords.")

Kind regards and thanks for any help,

Sabine

----------

Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)

Sabine Lorenz

Hermann von Helmholtz Platz 1
76344 Eggenstein-Leopoldshafen

Phone: +49 721 608-28633
Email: address@concealed
www.kit.edu/scc

Registered office:
Kaiserstraße 12, 76131 Karlsruhe

KIT – The Research University in the Helmholtz Association
KIT has been certified as a family-friendly university since 2010.

Attachment: smime.p7s
Description: S/MIME cryptographic signature
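
The login-time upgrade asked about in the message above, as an added example that is not part of the original post and is not Sympa's code: a stored one-way MD5 digest can only be replaced by a salted slow hash at the moment the user presents the plaintext password. The table layout, the `md5$`/`scrypt$` prefixes and all function names are assumptions, and `hashlib.scrypt` stands in for bcrypt so the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

def md5_hash(password):
    # Legacy format (assumed): unsalted MD5 hex digest with a scheme prefix.
    return "md5$" + hashlib.md5(password.encode()).hexdigest()

def slow_hash(password, salt=None):
    # scrypt stands in for bcrypt here; example work factor, random per-user salt.
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return "scrypt$" + salt.hex() + "$" + key.hex()

def verify(password, stored):
    scheme, _, rest = stored.partition("$")
    if scheme == "md5":
        return hmac.compare_digest(md5_hash(password), stored)
    if scheme == "scrypt":
        salt = bytes.fromhex(rest.partition("$")[0])
        return hmac.compare_digest(slow_hash(password, salt), stored)
    return False  # unknown scheme: reject rather than guess

def login(users, email, password, upgrade=True):
    stored = users.get(email)
    if stored is None or not verify(password, stored):
        return False
    if upgrade and stored.startswith("md5$"):
        # The plaintext exists only during a successful login, so this is
        # the one point where the one-way MD5 digest can be replaced.
        users[email] = slow_hash(password)
    return True

def legacy_accounts(users):
    # Accounts still on MD5: users who have not logged in since the switch.
    return sorted(e for e, h in users.items() if h.startswith("md5$"))

if __name__ == "__main__":
    # Constructed sample accounts, not real data.
    users = {"a@example.org": md5_hash("s3cret"), "b@example.org": md5_hash("other")}
    print(login(users, "a@example.org", "wrong"), legacy_accounts(users))
    print(login(users, "a@example.org", "s3cret"), legacy_accounts(users))
```

Accounts that never log in keep their MD5 digest, which is why the example tracks them with `legacy_accounts`.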


