xAuth
xAuth v2.6.x
Authentication plugin for bukkit powered servers
About
xAuth is a second-factor authentication plugin that can be used to secure player accounts on your server. As the plugin has been enhanced over time, the direction and main purpose have expanded to new possibilities. Let's say you run a community page. With xAuth, players can authenticate using their forum accounts or using a web-driven account management system. It is also possible to get the credentials from a foreign database.
Important Notice
Before upgrading please read xAuth Documentation (external link). I have added documenation to my Confluence instance that will be updated over time. Permissions Node changed! If you get "command is restricted" you most likely did not check the release log.
Further Instructions can be found there.
Concept
The basic idea of this protection plugin is allowing players to register an account based on their player name and a supplied password and optionally their email-address. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.
Permissions (READ ME)
This plugin has the ability to block almost any action (including command execution) for guests and registered xauth players. It also does not use negated permissions in order to not interfere with existing plugins. Permissions are "allowed" or "restricted".
Important-Note:
In order to restrict certain actions executed by registered xauth players you need to restrict them since xauth players are trusted. This is different from guests since the default for guests is always "restrict" if not set since a guest is an unknown state. Guest nodes can also only be set via configuration and have the last say even if you might have the right to execute any command.
Please keep in mind in order to block admin commands you need to restrict them via xauth.restrict.player.command.xauth.* or add each command to a group.
This might be confusing at first but has its cons since you always can see if a permission is restricted or allowed via permission node and not via bullet point. More details can be found on page Permission-System
Features
- Before registering/logging in, players can't:
- Chat, execute commands, interact with objects (like levers or chests), move or pickup items
- Break or place blocks
- Receive or give damage, be targeted (followed) by hostile mobs
- Inventory and location protection
- Command TabCompletion including Configuration Node Browser!
- In-depth setting and message configuration
- Persistent login session through server restarts
- Player name filter and password complexity configuration
- Kick non-logged in (but registered) players after a configureable amount of time
- Fine graded Permission System that also allows you to block interactions or commands
- Permissions support (PermissionsEx, Bukkit, GroupManager)
- Kick or temporarily lockout the IP address of a player who fials to log in after a configureable amount of tries
- Custom, highly secure password hashing
- Authenticate yourself with /login <password>
- H2 / mySQL Database storage supported
- Authentication over URL (AuthURL) allows for connection to forum or website databases
- Auto-Updater (thanks to Gravity)
News
Checkout the News & Upcoming-Changes page for details.
Wiki
The Wiki is located on github.
Please visit the Github Project-Page and click on Wiki
Credits
All credits goes to CypherX from bukkit forums who created this plugin. Thanks for your work and long time support!
The old bukkit-thread can be found here
Contact
If you need help regarding the plugin please use the Issue Link in the navigation bar or contact me via private message.
@luricos
Hi! Is there any plugin update to 1.8/1.9 minecraft?
@Gnacik
ím working on a remote java app where you can do all sorts of this stuff outside of minecraft. Also password recovery is on my list yes.
I have in pex that nodes, and its working :
make sure that you are using java7
Luricos: maybe you have in plans some email based system to password recover ? Its important feature which is missing. Players alwyas forget passwords, loose pass, or give to other players (and that other one is changing it) and its always problem to check who is real account owner. So password recovery feature will be really nice :)
@luricos
I have the same problem. Even with debug mode enabled and adding guest.allow.command.pre.register to my default/guest group, i/they still don't have permission to /register (i even added xauth.allow.player.command.register).
I use Essentials/GroupManager btw.
@jeff0142
it depends which mode you are in. Guest or Registered? Then its true. In guest mode xauth does ignore any permission plugin and you would also need to use guest nodes which are easy to configure via xauth config node browser.
If you have a problem with the plugin feel free to create a ticket on my jira so i can help you solve the problem.
Il be honest, I've used Xauth for about 3 years now, and i've never been more put off then by its "new" permissions system. Setup is now more complicated and and annoying, Ive added xauth.allow.command.pre.* to my pex and still get the "you do not have permisson to use" its all most like PEX dose not even exist. Sadly to keep my server up, it looks like I will need to move to xauth. Im not here to discourage you, but I liked the simplicity of xauth, and its easy of use.
(Yes its set to use pex, yes its java 7, Yes I've tryed every verison on bukkit)
@luricos
i currently use spigot for best performance
@rakion99
@Kino876
Do you use spigot or another server software?
@Kino876
same for me i cant downgrade because some plugins dont work in java 7 also others auth plugins are poor and not working
@luricos
luricos, do you have in mind upgrade to Java 8?.
In my case, I cannot downgrade my server to Java 7.
@rakion99
Use Java 7 instead of Java 8 and permissions will work again.
i have a problem with xAuth the plugin load fine but when i try to login/register says that i dont have permission, in the config the command register login and quit are true, also if i change something in the Allow section its like always using false and not reading the config at all but is like the plugin isnt working fine on spigot 1.8.8 im the only with this problem?
@TheDjRider download this file http://repo2.maven.org/maven2/com/h2database/h2/1.3.164/h2-1.3.164.jar and place it in file lib in your root server
Hey all,
I have problme with xAuth. When add plugin it is red (http://i.imgur.com/elq0CbU.png) but i want it, because AuthMe didnt work how i want.
If any one know how i fix plugin skype: copperkawasaki
Thank you for this awesome plugin. It's really easy to use your plugin as dependency in one of my plugins. Your maven repo is really helpful.
Hi,
Any chance i can import my LogiT database to use with this?
Ihave a big database and i dont wanna lose all my logins when moving over to xauth :P
@lucasdidur
you need java 7 for the time beeing.
This new permissions system is too heavy and buggy. Please, go back to old player.hasPermission(node) simple 4 permission (login, register, logout, admin). I cant get to work since last update change.
I will probably look into this on Thursday and decide if i have to make a spigot version.
Updated to xAuth v2.6.0 now when guests register the starter gets cleared upon /register, and if manually registering them via console it gets wiped with /login command. I also have hide-inventory set to false but this still happens.