xAuth
xAuth v2.6.x
Authentication plugin for bukkit powered servers
About
xAuth is a second-factor authentication plugin that can be used to secure player accounts on your server. As the plugin has been enhanced over time, the direction and main purpose have expanded to new possibilities. Let's say you run a community page. With xAuth, players can authenticate using their forum accounts or using a web-driven account management system. It is also possible to get the credentials from a foreign database.
Important Notice
Before upgrading, please read the xAuth Documentation (external link). I have added documentation to my Confluence instance that will be updated over time. Permissions Node changed! If you get "command is restricted" you most likely did not check the release log.
Further Instructions can be found there.
Concept
The basic idea of this protection plugin is to allow players to register an account based on their player name, a supplied password and, optionally, their email address. When a registered player connects to the server, that player will be prompted to authenticate himself or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.
Permissions (READ ME)
This plugin has the ability to block almost any action (including command execution) for guests and registered xauth players. It also does not use negated permissions in order to not interfere with existing plugins. Permissions are "allowed" or "restricted".
Important-Note:
Registered xAuth players are trusted, so to block certain actions for them you need to restrict those actions explicitly. Guests are different: a guest is an unknown state, so the default for any guest node that is not set is always "restrict". Guest nodes can only be set via configuration, and they have the last say even if you might otherwise have the right to execute any command.
Please keep in mind in order to block admin commands you need to restrict them via xauth.restrict.player.command.xauth.* or add each command to a group.
This might be confusing at first, but it has its advantages: you can always see from the permission node itself, rather than from a bullet point, whether a permission is restricted or allowed. More details can be found on the Permission-System page.
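The defaults described above can be modelled in a few lines. This is an added example, not xAuth's own code; the wildcard matching, the precedence of restrict over allow, the guest node prefix and the sample action name are assumptions made for illustration.

```java
import java.util.Collections;
import java.util.Locale;
import java.util.Set;

/** Illustrative model of the allow/restrict defaults; not xAuth's implementation. */
public class XAuthPermissionModel {
    enum Role { GUEST, PLAYER }

    // Assumption: a trailing ".*" matches every node below that prefix.
    static boolean matches(String pattern, String node) {
        if (pattern.endsWith(".*")) {
            return node.startsWith(pattern.substring(0, pattern.length() - 1));
        }
        return pattern.equals(node);
    }

    static boolean hasNode(Set<String> nodes, String node) {
        for (String pattern : nodes) {
            if (matches(pattern, node)) return true;
        }
        return false;
    }

    /**
     * Players are trusted: allowed unless a restrict node matches.
     * Guests are an unknown state: restricted unless an allow node matches.
     * Assumption: an explicit restrict wins over an explicit allow.
     */
    static boolean isAllowed(Role role, String action, Set<String> nodes) {
        String who = role.name().toLowerCase(Locale.ROOT);
        if (hasNode(nodes, "xauth.restrict." + who + "." + action)) return false;
        if (hasNode(nodes, "xauth.allow." + who + "." + action)) return true;
        return role == Role.PLAYER; // unset: player allowed, guest restricted
    }

    public static void main(String[] args) {
        String adminCmd = "command.xauth.unregister"; // constructed sample action
        Set<String> unset = Collections.emptySet();
        Set<String> hardened =
                Collections.singleton("xauth.restrict.player.command.xauth.*");
        System.out.println("player, nothing set: " + isAllowed(Role.PLAYER, adminCmd, unset));
        System.out.println("player, restricted:  " + isAllowed(Role.PLAYER, adminCmd, hardened));
        System.out.println("guest, nothing set:  " + isAllowed(Role.GUEST, adminCmd, unset));
    }
}
```

With nothing set, the model allows the registered player to run the admin command, which is why the restrict node has to be assigned explicitly.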
Features
- Before registering/logging in, players can't:
  - Chat, execute commands, interact with objects (like levers or chests), move or pick up items
  - Break or place blocks
  - Receive or give damage, be targeted (followed) by hostile mobs
- Inventory and location protection
- Command TabCompletion including Configuration Node Browser!
- In-depth setting and message configuration
- Persistent login session through server restarts
- Player name filter and password complexity configuration
- Kick non-logged-in (but registered) players after a configurable amount of time
- Fine-grained Permission System that also allows you to block interactions or commands
- Permissions support (PermissionsEx, Bukkit, GroupManager)
- Kick or temporarily lock out the IP address of a player who fails to log in after a configurable number of tries
- Custom, highly secure password hashing
- Authenticate yourself with /login <password>
- H2 / mySQL Database storage supported
- Authentication over URL (AuthURL) allows for connection to forum or website databases
- Auto-Updater (thanks to Gravity)
News
Check out the News & Upcoming-Changes page for details.
Wiki
The Wiki is located on github.
Please visit the Github Project-Page and click on Wiki
Credits
All credit goes to CypherX from the bukkit forums, who created this plugin. Thanks for your work and long time support!
The old bukkit-thread can be found here
Contact
If you need help regarding the plugin please use the Issue Link in the navigation bar or contact me via private message.
@luricos
What's wrong with Spigot? Spigot <3
Hello.
Got some errors in logs using latest 2.6.0
http://pastebin.com/ut27LK7s
http://pastebin.com/dkuXb646
Can you add something where, if they're premium, it skips the /register thing?
@luricos I switched to debug mode and got the following information:
Node: 'xauth.security.deny.command.target.xauth.unregister.xauth.unregister.bea1', result: true.
But I didn't set any restrictions. In my posting #239 you can see all the permissions that I use.
Btw, I already use Java 7.
@BotanistT
I haven't tested 1.8 yet since I would have to use Spigot then.
@daisyduck1
Try to use debug mode for permissions and check if the right ones are checked. If it's not checking for documented permission nodes (see https://luricos.de/wiki/display/xAuth/Commands+and+Permissions) then you may have installed Java 8, and you need to use Java 7 at the moment.
Is this working for 1.8.7?
Since I updated to xAuth v2.6.0 I can't run /xauth unregister PLAYER in-game. I get: "You do not have permission to use ´PLAYERNAME` as target." I set xauth.allow.* for guests, and for admins: xauth.security.player.use.admin.command + xauth.allow.player.use.admin.command + xauth.allow.player.command.xauth.* (btw I am also OP)
I also read the Issue xAuth198, but I didn't set xauth.security.deny.command.target.<player>.
Am I missing a permission for unregistering a player?
@keeganjohn
Switching to 1.7.9 pex didn't fix the problem. Having just Pex and Xauth presented the same problem.
@luricos
I will try that, does that mean I can switch to a version of pex designed for 1.7.9 and it will fix the problem?
@keeganjohn
Try to start the server with only the plugin and PermissionsEx. Also, running pex with a version that is only supported for 1.8 servers will result in this error.
I really need some help. I'm trying to use xAuth so I can use BungeeAuthMe. Whenever someone tries to register or log in, it just says "You Don't have permission to use the Register/Login Command!". I'm sure I typed something wrong somewhere or just missed something, but I honestly can't figure out what. I also tried switching to Java 7 like the previous comment says; that didn't work either. Please help!
@LosTxDream
If you use Java 8, use Java 7; then it will work.
Hey! I have a problem. Nobody is able to log in. It says "You do not have the permission to login!" But everybody has "xauth.allow.*"; even I, with "'*'", can't log in.
Does somebody have an idea?
I use PermissionsEx and my permissions are set up correctly. (YAML parsed and so on..) I use the latest version of xAuth and PermissionsEx + the latest Spigot (1.8.3)
@xion87
Thanks. I will have a look at it.
@MasterMithrandir
There is a Tool available for that but not yet integrated into xAuth. Adding this request to roadmap.
@xSeeron
I don't have an import ready for LoginSecurity yet.
@Camaroz1
Extending the xAuth Documentation is on my todo list.
@RaycusMX
I need to look into that. Could be a bug. Can you please open a ticket?
@xSeeron
Account limits are currently bugged. I will rework this feature when profiles are fully implemented.
AuthMe Reloaded SQL database converter?
Any tutorial for XenForo integration?
Hi, I have a problem with account limits. My config is this: http://prntscr.com/71gw88
@xSeeron
Sorry for the question, but why will you change your LoginSecurity?
If I have a LoginSecurity DB, can I import it to xAuth?