xAuth
xAuth v2.6.x
Authentication plugin for bukkit powered servers
About
xAuth is a second-factor authentication plugin that can be used to secure player accounts on your server. As the plugin has been enhanced over time, the direction and main purpose have expanded to new possibilities. Let's say you run a community page. With xAuth, players can authenticate using their forum accounts or using a web-driven account management system. It is also possible to get the credentials from a foreign database.
Important Notice
Before upgrading please read xAuth Documentation (external link). I have added documenation to my Confluence instance that will be updated over time. Permissions Node changed! If you get "command is restricted" you most likely did not check the release log.
Further Instructions can be found there.
Concept
The basic idea of this protection plugin is allowing players to register an account based on their player name and a supplied password and optionally their email-address. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.
Permissions (READ ME)
This plugin has the ability to block almost any action (including command execution) for guests and registered xauth players. It also does not use negated permissions in order to not interfere with existing plugins. Permissions are "allowed" or "restricted".
Important-Note:
In order to restrict certain actions executed by registered xauth players you need to restrict them since xauth players are trusted. This is different from guests since the default for guests is always "restrict" if not set since a guest is an unknown state. Guest nodes can also only be set via configuration and have the last say even if you might have the right to execute any command.
Please keep in mind in order to block admin commands you need to restrict them via xauth.restrict.player.command.xauth.* or add each command to a group.
This might be confusing at first but has its cons since you always can see if a permission is restricted or allowed via permission node and not via bullet point. More details can be found on page Permission-System
Features
- Before registering/logging in, players can't:
- Chat, execute commands, interact with objects (like levers or chests), move or pickup items
- Break or place blocks
- Receive or give damage, be targeted (followed) by hostile mobs
- Inventory and location protection
- Command TabCompletion including Configuration Node Browser!
- In-depth setting and message configuration
- Persistent login session through server restarts
- Player name filter and password complexity configuration
- Kick non-logged in (but registered) players after a configureable amount of time
- Fine graded Permission System that also allows you to block interactions or commands
- Permissions support (PermissionsEx, Bukkit, GroupManager)
- Kick or temporarily lockout the IP address of a player who fials to log in after a configureable amount of tries
- Custom, highly secure password hashing
- Authenticate yourself with /login <password>
- H2 / mySQL Database storage supported
- Authentication over URL (AuthURL) allows for connection to forum or website databases
- Auto-Updater (thanks to Gravity)
News
Checkout the News & Upcoming-Changes page for details.
Wiki
The Wiki is located on github.
Please visit the Github Project-Page and click on Wiki
Credits
All credits goes to CypherX from bukkit forums who created this plugin. Thanks for your work and long time support!
The old bukkit-thread can be found here
Contact
If you need help regarding the plugin please use the Issue Link in the navigation bar or contact me via private message.
@o0Julia0o
I don't think so since 1.8 is a major release and would need spigot. I have not yet tested this.
does it work with 1.8, too?
Just got approved yay! Have fun downloading and please read the documentation first. Its really needed. Upgrade instructions are also found there.
If you have any problems please let me know by either creating an issue on jira or PM.
Plugin is currently in approval. Updated Main page so you can read the documentation before actually downloading the update.
Have fun!
Excellent news !!! my server is running 1.7.9 R02 i will be glad testing your new release ;)
Preparing release
Want to see a new feature in the new version that will be published soon? Have a look at http://bukkit.org/threads/using-tabcomplete-for-configuration-node-navigation.347479/ . You dont need to read all this just browse to the bottom of the page where you can look at the illustration demo =)
I have a little surprise for you tomorrow. Stay tuned.
@Camaroz1
Please send me a private message so i can come back to you later. I do not know much about xenforo but the structure looks okay. Im not sure about the notes he put in there like "removed encryption", "removed limitation for login, register and so on"...
Would have to look into this later when its not 03:30 am ;)
I have fixed numerous bugs that came with 1.7.9-R0.2. Today i fixed command suppression. Had to realize that Bukkit moved the message output before the event that is responsible for command pre processing .... Had to do a crash course on log4j2 ... anyways done now.
Next is permissions. This does not work as intended. I need to fix BukkitPerms and add bPermissions since i had to remove EssentialsGroupManager because i was not able to attach to the Plugin since they do not use maven for that module any longer ...
After that i will check if it integrates into permissionsEx.
Notes:
Full Changelog will follow when the plugin is released.
When the plugin works again i will look into jira issues you posted and see if i can add your requested features like bungeecord support
i so fk up with the xenforo intergration, know nothing about PHP stuff. i found this https://gist.github.com/radie1230/8474462 and dont know where to put the php file
@Camaroz1
im currently focusing on getting the plugin back online. There is much work to do as you can imagine.
If you could create a jira ticket for me i will look into it. Adding more third party support is on my todo list.
@luricos
nice to see u back. Can you make intergration with popular source like xenforo?
@LizardFreak7
I did answer you. You can't compile against Java 8 and be compatible against Java 6. If you run your server with Java 8 plugins that are compiled against 6 will break. I need to check if i can compile against java 7 so it can be run by java 8. Currently you need and should run java 7.
@ElekzaliZ
Currently not. Right now im working on an update that works with 1.7.9-R0.2. After it goes live i will check on that.
Heylo People!
Is this plugin compatible with Spigot 1.8?
Luricos, when will my issue on the jira be fixed?
@harrykennedy If you're using bungee this is not really what you're going to want, at least not by itself. If you do use this or even AuthMe Reloaded on it's own you'll have to disable any bungee commands you don't want people to be able to use. I'd suggest AuthMe Reloaded and AuthMe Bridge. There's also a bridge for XAuth however since AuthMe Reloaded is still being actively updated it's a better option IMO. Also if you have multiple lobbies (or any server somebody could initially land on) each will need the authentication plugin installed. If a player could potentially land on more than one server use a shared MySQL database for all of them so once they register on one they won't need to on any others. That's the setup I used and it worked flawlessly for multiple lobbies and without me having to disable any of the bungee commands.
luricos update to 1.7.2
ok i have it working but players and do /server with out logging in