Wiki about BZAuthd

All things BZFlag - no [OT] here please
Post Reply
Private First Class
Private First Class
Posts: 207
Joined: Mon Feb 21, 2005 8:29 pm

Wiki about BZAuthd

Post by trpted »


* Issue one *
The callsign and password are sent in clear text form to the list server and this is a risk to the users' privacy since they may use those passwords elsewhere. The auth daemon would use a public key cryptography algorithm called RSA that would effectively solve this problem. The only way to register at the moment is at the forums. The daemon would allow users to register through a secure, RSA encrypted channel from inside the game.
That is great wonderful of the future what you are planning to do. :)

But there is an issue. Users should never use the same passwords everywhere they go.

Tell the users to stop doing that. The password for BZFLAG and it's forum should not be used anywhere else.

* Issue two *
Should or can the Karma server and LDAP server be one and the same?

PROVIDES: easier maintenance, both autonomously and manually
PROVIDES: easier ability for maintaining a consistent data state (no fuzzy syncing issues – it either is or isn't synced with replicants)
PROBLEMATIC: multiple areas of entry for possible abuse (unless replicants are hosted on 'trusted' systems, as far as that can be determined.)
PROBLEMATIC issue, not matter what you do (Karma server and LDAP server same server or not the same server, for example) : I have read/heard
If it is made by human hands, it can be broken by human hands.
User avatar
Posts: 4804
Joined: Fri Mar 21, 2003 3:49 pm
Location: playing.cxx

Re: Wiki about BZAuthd

Post by blast »

It's not clear what you're pointing out as issues. We're not going to be using a BZAuthd and will continue to use web-based tech. And since 2.4.4 we've been using HTTPS communication to the list server and forums.
"In addition to knowing the secrets of the Universe, I can assure you that I am also quite potty trained." -Koenma (Yu Yu Hakusho)

User avatar
Private First Class
Private First Class
Posts: 244
Joined: Sun Nov 18, 2018 7:25 pm
Location: zone of the phantoms

Re: Wiki about BZAuthd

Post by tainn »

Regarding the argument of specifically pointing out on the account creation page that people should not use the same passwords across multiple websites, I think that's quite redundant at this point.

This matter is vocal on so many websites already and speaks common sense that it might seem as unnecessary guided cluster rather than anything else.

I'm quite indifferent about it, but seeing what kind of community bzflag is and what kind of new users it receives, I think the people don't generally have to be shown what steps to take to ensure basic security.

Not to shoot down the idea, I think it is presented in good faith, but this community really is of the type where each individual is expected to take care of at least their own basics without additional guidance.
User avatar
Private First Class
Private First Class
Posts: 733
Joined: Sun Oct 18, 2015 3:36 pm
Location: Arctic

Re: Wiki about BZAuthd

Post by Zehra »

trpted wrote: Sat Jan 05, 2019 8:49 pm REF =

That is great wonderful of the future what you are planning to do. :)
Mentioned within the List Server questions thread, it was mentioned that BZAuthd had not been updated, and if I'm not mistaken, the code itself has not been touched since 2009. (Meaning that no updates were made to it after that point.)
Personally, I wouldn't recommend using the Wiki to search for the 'latest' development ideas as the Wiki is mostly outdated.
If you are interested in the latest development ideas, I would recommend asking within the forums or IRC.

Those who are critical of me, I'll likely be the same of them. ~Zehra
The decisions we make are the ones we look forward too and the ones we regret. ~Zehra
There's a difference between knowing my name and knowing me, one shows respect to my name and the other is to who I am. ~Zehra

See where I've last been active at Strayers.
Visit for a modern HTML5 server stats site.

Click here to view the 101 Leaderboard & Score Summaries Last updated 2021-01-12 (YYYY-MM-DD)
Latest 101 thread
Post Reply