Inactive [SEC] xAuth v2.0.10 - Extra Authentication [1.2.5-R1.3+]

Discussion in 'Inactive/Unsupported Plugins' started by CypherX, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. Offline


    xAuth v2.0.10 - (CraftBukkit build: [1.2.5-R1.3+])
    Download v2.0.10

    lycano is taking over the development of xAuth as I no longer have the time nor the will to continue working on it. Please see the BukkitDev page:

    Thanks to everyone who has showed support for me and xAuth over the past 17 months. It's been 'fun'. If for any reason you need to contact me, stop by my IRC channel ( #LoveDespite) or toss me a message at Until we meet again, stay gold. Bang.


    xAuth is a plugin designed with a single task in mind: protect a server and its players while running in offline-mode. The basic idea of this protection is allowing players to register an account based on their player name and a supplied password. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.

    • Before registering/logging in, players cannot:
      • Chat, execute commands, interact with objects (levers, chests, etc.), move, or pickup items.
      • Break or place blocks
      • Receive or give damage, be targeted (followed) by hostile mobs
    • Inventory and location protection
    • In-depth setting and message configuration
    • Persistent login sessions through server restarts
    • Player name filter and password complexity configuration
    • Kick non-logged in (but registered) players after a configurable amount of time
    • Bukkit Permissions support
    • Kick or temporarily lockout the IP address of a player who fails to log in after a configurable amount of tries
    • Custom, highly secure password hashing
    • H2 and MySQL support
    • Authentication over URL (AuthURL) allows for connection to forum or website databases
    Changelog (click for full changelog)
    • Version 2.0.10
      • [Fixed] Exploit to completely bypass login system.
      • [Fixed] xAuth commands not working with Rcon
      • [Fixed] Exploiting login system to avoid fire & drowning damage.
      • [Fixed] NPE caused by player connecting & disconnecting during same server tick.
      • [Fixed] 'Table "SESSIONS" not found' error when a player uses /logout while session length is set to zero.
      • [Fixed] Exploiting location protection after dieing to return to the spot of death.
    • Version 2.0.9
      • Added several reverse single session configuration options.
      • Fixed registration.forced: false not working.
      • Updated version check and H2 download links.
    xAuth Importer
    xAuth Importer is a tool used to import accounts from previous versions of xAuth as well as other authentication plugins. Click here for more information.
  2. Offline


    Can whirlpool hashes be converted back to MD5? What I worry about is if a security plugin breaks down or is abandoned, I can move MD5 hashes to other plugins and they will work fine. That way I dint have to have everyone reregister.
  3. Offline


    Nope, the cleartext password would have to be MD5'd then saved when a player used /login. That's how xAuth converts them to Whirlpool hashes.
  4. Offline


    I am getting this error from a clean install.

    23:56:05 [INFOStarting minecraft server version Beta 1.4
    :56:05 [INFOLoading properties
    :56:05 [INFOStarting Minecraft server on *:25565
    23:56:05 [WARNINGThe server will make no attempt to authenticate usernamesBe
    23:56:05 [WARNING] While this makes the game possible to play without internet a
    it also opens up the ability for hackers to connect with any username the
    y choose
    23:56:05 [WARNINGTo change thisset "online-mode" to "true" in the server.set
    tings file
    23:56:05 [INFOThis server is running Craftbukkit version git-Bukkit-0.0.0-646-
    gb61ef8c-b670jnks (MC1.4)
    23:56:05 [INFOPreparing level "world"
    23:56:05 [INFOPreparing start region
    :56:05 [INFO144 recipes
    :56:06 [INFOPreparing spawn area93%
    23:56:06 [INFO] [xAuthLoading player accounts..
    23:56:06 [INFO] [xAuthDoneLoaded 0 Accounts!
    23:56:06 [INFO] [xAuthPermissions plugin not detecteddefaulting to ops.txt
    :56:06 [INFO] [xAuthv1.2 Enabled!
    23:56:06 [INFODone (0.120s)! For helptype "help" or "?"
    23:56:16 [INFOunenergizer [/ in with entity id 170
    :56:16 [SEVERECould not pass event PLAYER_JOIN to xAuth
            at com
    at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.jav
    at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.j
    at net.minecraft.server.ServerConfigurationManager.a(ServerConfiguration
    at net.minecraft.server.NetLoginHandler.b(
    at net.minecraft.server.NetLoginHandler.a(
    at net.minecraft.server.Packet1Login.a(SourceFile:46)
    at net.minecraft.server.NetworkManager.a(
    at net.minecraft.server.NetLoginHandler.a(
    at net.minecraft.server.NetworkListenThread.a(SourceFile:87)
    at net.minecraft.server.MinecraftServer.h(
    Caused byjava.lang.ClassNotFoundExceptioncom.nijiko.permissions.PermissionHa
            at java
    .net.URLClassLoader$ Source)
    at Method)
    at Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    14 more
    23:56:05 [INFO] Starting minecraft server version Beta 1.4
    Bukkit: 670
    Fresh Install with no changed settings.
  5. Offline


    I see. Thank you for your response. However, I have found that my admins are not required to register, and users cannot register because they receive this error: "You must be logged in."
    In essence, users cannot register because they need to be logged in. And anyone can spoof into the admins account, thus rendering the plugin useless.

    Halp? :(
  6. Offline


    Whoops, forgot to add a check to see if Permissions wasn't installed. Updated to version 1.2.1 which should fix it.

    Check your inbox in ~2 minutes.
  7. Offline


    Could you please add sessions' saving after server restart?
  8. Offline


    Would be nice if you could add Help 0.2 support.
  9. Offline


    Both of these will be in version 2.0.
  10. Offline


    Nice! After finally finished configuring my server i noticed that the login notice "Please log in using /login .." is send to Player before LoginMessage appears (directly after connect). Im using Essentials and it would be nice if this Message send to Player would appear after the LoginMessage was send because the first line is "Welcome %player".

    (I didnt realised that there is a message that notifies you about it since i took a closer look)
  11. Offline


    "(NEW!)Players are no longer kicked if someone with the same name joins" This feature isn't working :(
  12. Offline


    Request for quoted options to be optional. Would be nice if it is possible to make move, chat at least configureable via config, so that an unregistered person can at least chat.

    There is an option for allowed-cmds inside the config but other commands than register and login cant be executed (maybe i got something wrong with the permissions plugin, currently reading about the default group behavior checking that later).

    If the unregistered person is not targetable by mobs then makeing move optional would be very nice. E.g. that someone can build a house around the spawn area and place some signs. to inform the player about the restriction via signs (actually i did that to not confuse a new joined player and make em to force disconnecting xD)

    [Edit]: As i checked a minute ago: Deleting me from the users section in Permissions 2.6 Config. Well, default group assign is working cause i was assigned to my default group with option default=true. Im not logged in at this moment and i cannot use commands that are permitted by the default group. lets say

    Features stated "permissions support" Shouln't it work that way?

    What does "registration.force" option do? I don't get it ^^

    Thanks for your time reading this.
  13. Offline


    Working fine for me on my test server. Previously, when a player joined a server with the same name as someone else on the server the player already online was disconnected. Now, the player who is attempting to join the server is disconnected instead of the one online.

    Configurable limits on what players who aren't registered can do will be implemented in xAuth 2.0. "Permissions support" basically means that xAuth has nodes that can be used with Permissions/GroupManager. If you want to allow commands to those who aren't registered/logged in you have to add them to the allowed-cmds node in xAuth's config.yml. The registration.forced configuration node controls whether players must register or not. If set to true, they are forced to register before doing anything, if false, registration is optional.
  14. Offline


    I had added additional command to the config file like /me or /help but i couldn't execute them either. Those commands comes from essentials and help 0.2. Ill test it again maybe i missed something during configuring the server like simply executing /authreload ;) Sometimes this happens even to me xD Thanks!
  15. Offline


    So with strikes set and enabled, it IP bans a user if they pass the threshold, which is good. But really those shouldn't be permanent bans, so we should at least have an option to expire them after a certain amount of time. Any plans to implement something like this?
  16. Offline


    I've actually been thinking about this myself lately. Version 2 will most likely include a way to configure the length of the ban or some other means of making it temporary.
  17. Offline


    Sorry, i installed againg and it's still same. I can login from another client. I try it on same ip. Can this be a problem?

    Edit: I use 670. Can this be a problem too?
  18. Offline


    plese help it write to me musch errors if i use some plugin command like /npc create from citizen or world edit...
    wot must i do
  19. Offline


    Neither of those should be a problem. Explain step by step what you're doing.

    Take a screenshot of or paste the error(s) here. I can't do much if you just say you get errors.
  20. Offline

    Boon Pek

    Now then, for MySQL support! ;)
  21. Offline


    I added the xAuth plugin and i logged in from my computer to the server on vps. Then a player connected with my nick. The server doesn't kick him, it kicks me. Where is the problem?
  22. Offline


    That is fixed in the latest version, just update your plugin.
  23. Offline


    I'm already using the latest version.
  24. Offline


    I use this plugin and it works great thanks but recently i want to check if my epic zones plugin is working and when i try logging in on another client it says "You don't have permission to enter KEGS" Kegs is my world name, is this the problem?

    EDIT: Working after restarting the server, no more permission to enter the world error :S Could be a bugg?
    Thanks in advance,
  25. Offline


    Could be possible that another plugin is conflicting with it. I see from your signature that you're using a whitelist plugin. Which one exactly?
  26. Offline


    Im using [ADMN/GEN] Whitelist v2.7 [431-670].
  27. Offline


    Well, that wasn't the cause. The only thing I can think of is that you're using the wrong version by accident or one of those other plugins is causing it.
  28. Offline

    The PC Tech Guy

    This plugin looks very interesting compared to the Authme plugin I currently use. I'll probably switch over, specifically looking at the password complexity part, since I've got players who use their own name as their password. Now, when a moderator uses such a password... it gets me a little angry...

    Is it possible you can add aliases for logging in? Such as /l
    Also, could you add a configuration node to kick after an incorrect password attempt? And also to kick after not logging in after a specified time?
  29. Offline


    Glad to see another possible supporter. As for you're requests/suggestions, I will definitely be adding the /login alias, the strike system will most likely be modified to allow the server manager to choose what happens after x amount of incorrect password attempts (kick, ban), and I'll see what I can do about kicking a player if they don't login after a certain amount of time.
  30. Offline


    Make so prompts you on login??
  31. Offline


    Do not use a plus sign in the RB version, you should state the latest tested version.
Thread Status:
Not open for further replies.

Share This Page