xAuth
xAuth v2.6.x
Authentication plugin for bukkit powered servers
About
xAuth is a second-factor authentication plugin that can be used to secure player accounts on your server. As the plugin has been enhanced over time, the direction and main purpose have expanded to new possibilities. Let's say you run a community page. With xAuth, players can authenticate using their forum accounts or using a web-driven account management system. It is also possible to get the credentials from a foreign database.
Important Notice
Before upgrading please read xAuth Documentation (external link). I have added documenation to my Confluence instance that will be updated over time. Permissions Node changed! If you get "command is restricted" you most likely did not check the release log.
Further Instructions can be found there.
Concept
The basic idea of this protection plugin is allowing players to register an account based on their player name and a supplied password and optionally their email-address. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.
Permissions (READ ME)
This plugin has the ability to block almost any action (including command execution) for guests and registered xauth players. It also does not use negated permissions in order to not interfere with existing plugins. Permissions are "allowed" or "restricted".
Important-Note:
In order to restrict certain actions executed by registered xauth players you need to restrict them since xauth players are trusted. This is different from guests since the default for guests is always "restrict" if not set since a guest is an unknown state. Guest nodes can also only be set via configuration and have the last say even if you might have the right to execute any command.
Please keep in mind in order to block admin commands you need to restrict them via xauth.restrict.player.command.xauth.* or add each command to a group.
This might be confusing at first but has its cons since you always can see if a permission is restricted or allowed via permission node and not via bullet point. More details can be found on page Permission-System
Features
- Before registering/logging in, players can't:
- Chat, execute commands, interact with objects (like levers or chests), move or pickup items
- Break or place blocks
- Receive or give damage, be targeted (followed) by hostile mobs
- Inventory and location protection
- Command TabCompletion including Configuration Node Browser!
- In-depth setting and message configuration
- Persistent login session through server restarts
- Player name filter and password complexity configuration
- Kick non-logged in (but registered) players after a configureable amount of time
- Fine graded Permission System that also allows you to block interactions or commands
- Permissions support (PermissionsEx, Bukkit, GroupManager)
- Kick or temporarily lockout the IP address of a player who fials to log in after a configureable amount of tries
- Custom, highly secure password hashing
- Authenticate yourself with /login <password>
- H2 / mySQL Database storage supported
- Authentication over URL (AuthURL) allows for connection to forum or website databases
- Auto-Updater (thanks to Gravity)
News
Checkout the News & Upcoming-Changes page for details.
Wiki
The Wiki is located on github.
Please visit the Github Project-Page and click on Wiki
Credits
All credits goes to CypherX from bukkit forums who created this plugin. Thanks for your work and long time support!
The old bukkit-thread can be found here
Contact
If you need help regarding the plugin please use the Issue Link in the navigation bar or contact me via private message.
Any update on when this will be updated to 1.7.2? I have tried other authentication plugins like SkyAuth however, shit keeps happening and I have to relog while I am playing which in turns deletes all my items.
Edit: I apologize. I saw the comment below and they said to check out AuthMe. I have and I am testing now. Thanks!!
on 1.6.4 server we have spam from xauth with this message:
please fix it
Something keeps happening to my players :P
@momoxil21
It's not for 1.7.2 use authme
It gives me this error with the latest CB build of right now (#3029 1.7.5)
it doesn't seem to work for 1.7.2 does it? it gives me version error.
Good Job
This is a great plugin, Have been using it for almost a year.
One question. Is there a way to obfuscate passwords from console? so I could give read only/debug access to certain people.
If there is, What is the setting under? I have not been able to locate it.
Good plugin ;)
Can You Please Update To 1.7.2?
How can I added a second register password?, I mean
Actually > Please type /register ( password ) for register
I want >Please type /register ( password ) + (repeat password ) for register!
Please anyone can help me?
I don't undestard this...
I istalled and try to modify,etc. commands but nothing
Can anyone tell me how to modify the permissions?, because ALL, all guest,members,etc.. ALL can /xauth All comands I mean all can use admins commands and modify all about xAuht lol,
[Mod edit: spam removed]
ohh okay, I wait for update 1.7.2. xauth is better than shit auth*e
by whole life and one day longer!!!
@SzymonOwca
I think that it's because xAuth doesn't support craftbukkit 1.7.4 right now
Is it possible to prevent unregistered users from eating food?
@luricos
Do you know about lores.. ? When players login remove all lores from items.
How to fix it ?
@luricos
What about an xAuth API? :)
@luricos
Maybe it doesnt work only for my base. Need more tests.
Btw CREATE TABLE in accont/table.sql instead of CREATE TABLE IF NOT EXISTS
@P4per
Thanks but then i would have to add a different create table script for every other sql server since this keyword is only supported by mysql.
I do believe that it should be up to the database maintainer what he wants to use. I recommend using InnoDB as default not only because it is the default for mysql 5.5+ but because it does support row locking instead of table locking.
If you can give me some examples why you think the plugin does not work with innodb 100% and post it on my issue tracker if you really think this is a bug please do so.
Found a bug with sql.
Looks like xauth cant work with any engine exept MyISAM. (with innodb it cant 100%)
So please, add engine type in .sql files.
exaple:
CREATE TABLE IF NOT EXISTS `{TABLE}` (
`ipaddress` VARCHAR(45) NOT NULL,
`playername` VARCHAR(255) NOT NULL,
`time` DATETIME NOT NULL,
PRIMARY KEY (`ipaddress`)
) ENGINE=MyISAM;