Complete.Org: Mailing Lists: Archives: freeciv-dev: May 2003:
[Freeciv-Dev] Re: client/server authentication (PR#1767)
Home

[Freeciv-Dev] Re: client/server authentication (PR#1767)

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: undisclosed-recipients:;
Subject: [Freeciv-Dev] Re: client/server authentication (PR#1767)
From: "Mike Kaufman" <kaufman@xxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 8 May 2003 09:00:11 -0700
Reply-to: rt@xxxxxxxxxxxxxx

On Thu, May 08, 2003 at 07:23:47AM -0700, Raimar Falke wrote:
> > Instead, I want a command line option for the server to switch off
> > auth. [1]
> 
> This may be useful.

no it won't. As I said before, very few will actually want an authenticating
server. Those who do will compile it via --enable-auth.

> > The server tells the client what (if any) authentication is
> > required, and the client displays a password entry field below the
> > user name field, or not.
> 
> I agree.

I absolutely disagree. This will not happen. This is a challenge, response
system. There are a variety of reasons why a server will or will not want a
password. The very issue that one can register a user directly from the
connect dialog is enough to not want to do this.
 
> > All password checking is done at the server. New passwords are
> > transmitted twice, for this purpose.
> 
> Why? Once is enough.
 
yes, it is. The server only requires a good password. It's up to the client
to make sure that he typed it in correctly. Thus it's a client issue, best
left to the client.

-mike



[Prev in Thread] Current Thread [Next in Thread]