Secondary (IP based) Authentication

Discussion in 'Archived: Plugin Requests' started by Incendia, Feb 4, 2011.

  1. Offline

    Incendia

    The basic idea:

    You'd run this plugin with online mode enabled, and when someone logs in to your server it adds them and their connected IP to a list. Once they have a username/IP combo stored, and if the connection to notch's auth server times out, the plugin would kick in and check the list to see if the IP they are trying to connect from matches the IP on file. If it does, it lets them in like normal, but if it doesn't:

    An authcraft-like password login system would be a third level if the first two fail, so even if the main auth server and IP checks fail, they would still be able to connect and play (just like authcraft, no movement or inventory changes would be allowed until registration and login). This would solve any problems for dynamic IP users.
    1. AUTH SERVER
    2. IP CHECK
    3. PASSWORD LOGIN
    If you are authenticated by either 1 or 2, you will be able to change your login password without knowing your old one (just incase someone tries to jack your name or you forget your password)

    The idea can use refining I'm sure.
     
  2. Offline

    Synicyde

    I second this idea..
     
  3. Offline

    kivan117

    Sounds good to me. I think if 1 is down (yet again) then a combination of 2 & 3 would be best. You'd still need to login as per 3, but if 2 was also validated then it would allow password changes, etc.
     
  4. Offline

    Synicyde

    You'd have to login before the original auth server goes PLOOSH
     
  5. Offline

    Incendia

    Am I allowed to bump this? Delete this post if not...
     
  6. Offline

    iSushi

    You're not allowed to bump threads :p . But once can't hurt.

    I like the idea, and I thought about the same thing myself. However!, most IP hosts use a dynamic IP, so it changes often. This means most users can't get on after a period of time.

    So lets say the idea was created. The way around it would be like this: The server makes an dynamic DNS and gives the player a username and password for the server website, the player downloads an automatic DNS updater (software) or updates it manually when their IP changes via. the username or password they have been given.
    That's pretty complicated thought (for the developer of the plugin and the more IT stupid players), but it would work smooth on some servers where they got support for a website. :) Of course they could just use "<server IP>:custom port" for those servers without website, like dynmap does.
     
  7. Offline

    Incendia

    :p

    Just gotta make them register when they join the server the first time.
     
  8. Offline

    blacksmithgu

    This is a great idea, but unfortunately the problem with this is it requires a mod directly to the server, and not as a plugin loaded by the server, as the API does not currently support custom login handling.

    Suggest the idea of adding custom login managing to a moderator. See what they say.
     

Share This Page