Password based ONLY authentication on 1.2.x

Help
B0nuse
2010-01-10
2012-10-30
  • B0nuse

    B0nuse - 2010-01-10

    Hello!
    How can I do Password based ONLY authentication?
    Or How I can delete (reset) Certificate on local computer?
    Many Thanks!

     
  • axel afp

    axel afp - 2010-01-26

    Anyone?....i am intrested too in how to setup for every player with user and
    password and not using certificates!!!!

     
  • Dirk Krüger

    Dirk Krüger - 2010-01-26

    I dont think you can prevent the Clients from creating Certificates.. since
    that is part of the client.

    However you can set a Password in the Mumrmur.ini to control General Access to
    your Server.
    Manageing the Useres the "old" way like in 1.1.x was a pain in the neck.

    just see this section of the Wiki:

    http://mumble.sourceforge.net/DBus#User_management
    with Dbus.

    A better way to do this would be with some fancy WebConsole
    I suggest to take a look here

    https://sourceforge.net/projects/mumpi

    This Project helped me a lot but there are others out there.

    Btw. can you share the reason to us why you want to go back to the old
    fashioned way with fiddeling with the database and passwords?

     
  • axel afp

    axel afp - 2010-01-27

    All clan leaders from my server are still pay for ventrilo servers becouse it
    has a better user management....i am not a pro but i can manage a ventrilo
    server(meaning that when a new member enter in clan i will make him a username
    and a password and from that point he can connect from any pc using u/pw...)
    but with mumble?...i make a username at the connection on
    server....then?....if i register user i cant connect from another pc.....is
    asking for a passord.....if i connect with superuser i see what registered
    users are on server....if i put a pass in mumble.ini anyone can leak'it.....no
    one whant to spend a day to connect to a server.....making certificates...BUT
    like i said i am not a pro!! i dont know and maybe there is a easy way
    to making and administrate a private server restricted where only users i
    whant can join easly from home or work without
    importing/exporting/creation/webinterfaces/ice/php/db/reading pages and pages
    with tutorials and stuff jus for making password protected users or other
    tools ...bla..bla...bla... All i want is to be simple to use for everyone....i
    respect the work for this software and i think is the best one.....but for
    administrators?....pffff

    PS: Anyone can explain me how to do it without "Manageing the Useres the
    "old" way like in 1.1.x was a pain in the neck.
    " ???
    THX

     
  • Dirk Krüger

    Dirk Krüger - 2010-01-27

    Hello

    again, there are sveral ways of aproching your Problem.

    The most easyet way is to work with Password Protected channels.

    After you created a channel you open the EDIT if that channel and set a
    Password for that channel.
    Now only Users can talk in that protected Channel who has set the same
    Password in the "Acces Token" Window that can be found on the Server Menu.

    If you want more control you use the ACL :
    simply dis check the "Inherit ACL" check-box so you don't get rules from the
    above or Root channel.
    then add a "@all" rule that deny Access or talk in this channel. Below that
    ACL you add another "@auth" to allow only Authenticated Users (known Users
    that you Authenticated with the certificate) to enter/ speak or even more
    permissions that you like. This way you can end up with a Root channel where
    all the guest's meet and a clan channel that only your friends can enter /
    talk .. whats so ever.

    Yes, its true if you often switch your PC you will have to take your
    certificate with you. Yet I would think most games wont switch there pc's so
    often. Even if you do a Certificate on a USB stick should not be a problem.
    Even with a lost Certificate its just a matter of a left Click by an Admin to
    authenticate the User again.

    All this does not want me to go back the old way...

    If you need more help Using the ACL just ask in here. We are happy to help
    you.

     
  • axel afp

    axel afp - 2010-01-27

    This is what i talking about.........why all off this above???.........instead
    of a Simple right click -> User Settings -> User name & Password!??? Why not
    so Simple?

    PS: What you say up there has nothing to do with what i need'ed --> Every user
    with his own password. Nothing more.

     
  • Dirk Krüger

    Dirk Krüger - 2010-01-27

    @axel

    don' get me wrong here, maybe i have some misunderstanding, but a certificate
    IS a password. Its simply a very long complicated password that is stored in a
    file.

    Even the old fashioned way you would have to set up Rules (ACL's) what a User
    with a password can do and what a User cant. I guess there would be not much
    difference in adding a group of Users that did authenticated them self via a
    password or a certificate.

     
  • Noel Houck

    Noel Houck - 2010-01-27

    For the problem with 2 computers, if copying the cert is too hard, just have
    two accounts for that user, each with their own cert. Only minor difference is
    that they will have a slight variation of their name with the work computer or
    something.

     
  • Kevin Traub

    Kevin Traub - 2010-01-27

    ok, so I still have most of my users using their old username / password based
    authentication...
    I still allow people to register via my web registration page, and it works
    fine.
    If your users want to use a password, then tell them not to 'self register',
    and use a web registration system.

     
  • Jocelyn Madray

    Jocelyn Madray - 2010-02-04

    Hi,
    I actually use mumble for an eve-online clan server.
    I have written a mybb forum plugin allowing mumble access from forum groups.
    Ex : group ‘fighter corp’ can access audio server => all player in this group
    can log mumble with their forum login and passwords. If you remove group
    access, all member access are closed.
    With the certificate authentication used in the 1.2.x version, this kind of
    solution cannot work anymore.
    Is it possible to choose the auth method for the server? Certificate or
    password?

    Chumly, how can you force 1.2.1 client to use the old authentication method?
    When I choose in Network parameters to not use certificate mumble still use
    it. Perhaps I have forgotten a step.

     
  • Jocelyn Madray

    Jocelyn Madray - 2010-02-04

    We actually have to choose between mumble and TS3, our preference is to
    Mumble. We are managing with only 8 forums groups about 300 user accesses. If
    we cannot offer to our forums / clans admins the same comfort in 1.2 than 1.1
    we will have an issue.

    Chumly, how work the web registration you was speaking about? Certificates
    upload / download?

     
  • Thorvald Natvig

    Thorvald Natvig - 2010-02-04

    Passwords work in 1.2 exactly as they did in 1.1; if there is a password on an
    account, you have to know the password to log in to it. The first time you log
    in, your cert will be auto-added to account and will work as equivalent
    authentication.

    If you use an Ice or DBus authenticator, the password is needed every time.
    Make sure your authetnicator returns authentication failure for unknown users,
    and no old users will be allowed to log on.

     
  • Jocelyn Madray

    Jocelyn Madray - 2010-02-04

    I actualy use a dbus Auth, since we upgrade (1.1.8 -> 1.2.1) our dev server is
    no more prompting password when onnecting.

    our migrated server still receive the password on logon, but don t prompt for
    it.
    New virtual servers dont prompt, so the authenticate function receive a blank
    value.

    I actualy read the ICE doc. will probably rewrite from dbus to ice.

    (sorry, my english is hawful)

     
  • Jocelyn Madray

    Jocelyn Madray - 2010-02-04

    Where can i found allowed user certificats/rsa key on the server ?

     
  • Kevin Traub

    Kevin Traub - 2010-02-04

    Hi, The web registration is used exactly like it was with 1.1x. Server has a
    password, so un-registered users can not connect. We direct users to the web
    site, and allow them to create an account. The web server creates a random
    password, and emails it to them. This provides some sort of verification.
    Users can then log in to the mumble server using their account name and
    password. No certificate is require.
    http://voice.pwrup.com/
    Give it a try, you can also create your own server here to play around and
    test.

     
  • Jocelyn Madray

    Jocelyn Madray - 2010-02-04

    Thanks for your answers, i will take a look, i must have an error in my
    updated script. I will probably move to ICE, realy more simple than dbus (our
    forum and our audio server are on diferent VM).

     
  • Stefan H.

    Stefan H. - 2010-02-04

    @ jocelyn_modray: If you want you can base your plugins on one of the already
    existing forum authentication plugins. You can find these
    here.

    In any case, since we do not have a mybb authenticator yet it would be great
    if you would consider contributing yours once you got it finished. For
    acceptance into mumble-scripts it would have to be BSD licensed though.

    @ topic: Passwords are still available in 1.2.X, they just were replaced as
    the default method of authentication by certs. The phpbb3/smf authenticators
    for example know nothing of certificates, they could but I didn't see any real
    gain in making them aware, they will always query your for your password in
    the forum.

     
  • Jocelyn Madray

    Jocelyn Madray - 2010-02-05

    @dd0t: Thank you. I actualy use a dbus based perl script, and probably use Ice
    in the future. this authenticator actualy work with our 1.1.8 serveur, it s
    code isn t very clean, but i will share it soon.

    after some more tests, i'm now sure this is not a certs auth issue.
    i start a first perl auth script for the main dev serveur. it s working find,
    users can log with the first mybb forums access.
    I start a second script instance, this script get param to run a virtual
    mumble server (server id 2) and use an other forum db. This vserver start. the
    dbus "authenticate" methode trap players logins but password parameter is
    empty and the '-1' return value (wrong password) provide in mumble an "wrong
    username" message.