Complete.Org: Mailing Lists: Archives: freeciv-dev: May 2003:
[Freeciv-Dev] Re: client/server authentication (PR#1767) 		Home

[Freeciv-Dev] Re: client/server authentication (PR#1767)

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: kaufman@xxxxxxxxxxxxxxxxxxxxxx
Subject: [Freeciv-Dev] Re: client/server authentication (PR#1767)
From: "Raimar Falke" <rf13@xxxxxxxxxxxxxxxxx>
Date: Thu, 8 May 2003 07:23:47 -0700
Reply-to: rt@xxxxxxxxxxxxxx 
On Thu, May 08, 2003 at 05:33:52AM -0700, ChrisK@xxxxxxxx wrote:
> On Thu, May 08, 2003 at 03:31:28AM -0700, Raimar Falke wrote:
> > 
> > For "-a" and also some other cases the user should _be able_ to save
> > his password in his freecivrc and the client should read it from this
> > location. The client shouldn't save it there. At least not without
> > asking the user.
> > 
> > The extra step where you type your password should be removed.
> > 
> > The server should sent a message text what the policy is. Something
> > like "Welcome foobar. Please enter your new password. It has to be at
> > least 4 characters and must contain at least 2 digits."
> 
> Sorry that I speak up, but I disagree.
> 
> The password should not be saved. You won't never autoconnect to a server
> which requires authentication.

Do you think the client should read the password?

> Instead, I want a command line option for the server to switch off
> auth. [1]

This may be useful.

> The server tells the client what (if any) authentication is
> required, and the client displays a password entry field below the
> user name field, or not.

I agree.

> All password checking is done at the server. New passwords are
> transmitted twice, for this purpose.

Why? Once is enough.

        Raimar

-- 
 email: rf13@xxxxxxxxxxxxxxxxx
  This message has been ROT-13 encrypted twice for extra security.
[Prev in Thread] Current Thread [Next in Thread]