Server collaboration.

[Lachu]

It could be pretty nice, if tremulous can providing cookie mechanism, but only in certain cases. We can playing contest on many servers and it must know, who I am.

It will bring new possibilities, like writing web based client to Tremulous RTS game, where we can ex. split wares between many servers of real Tremulous RTS mod game.

Player must always agree to reply on cookie request.

[David]

How would that help with web based things?

Also I've long wanted a way to identify people across servers for sharing admins.
No one has yet come up with a workable system.  If anyone can think of any, then please do tell us.
(Needs to stop server admins impersonating people, so no disabling cl_guidServerUniq.  And pubkey has been ruled out too).

[Demolution]

How would that help with web based things?

Also I've long wanted a way to identify people across servers for sharing admins.
No one has yet come up with a workable system.  If anyone can think of any, then please do tell us.
(Needs to stop server admins impersonating people, so no disabling cl_guidServerUniq.  And pubkey has been ruled out too).

A database where people register (through a site) and are given a key of some sort. When they join a server which utilizes the database they have to use the key to verify their identity before being given admin. After admin is assigned to them, the database keeps track of what admin level is registered to each unique guid for a player.

Just an idea of course, my knowledge of databases is poor, so I'm not sure how it would all be organized, or who would host it.

[David]

Either the client has to auth to the DB when connecting, resulting in tons of complexity and crypto (reimplementing kerberos) or servers ops can look in there logs and impersonate you.
Also relies on a 3rd party single point of failure.  Also a 3rd party who everyone trusts is lol.

How the info is stored isn't the problem, is that "key to verify their identity" part.

[SlackerLinux]

Either the client has to auth to the DB when connecting, resulting in tons of complexity and crypto (reimplementing kerberos) or servers ops can look in there logs and impersonate you.
Also relies on a 3rd party single point of failure.  Also a 3rd party who everyone trusts is lol.

How the info is stored isn't the problem, is that "key to verify their identity" part.

well the Tremded database interface is done(for anyone who doesnt know/is interested - svn checkout http://fsm-trem.googlecode.com/svn/branches/fsm-trem-mysql i used fsm-trem for it after everyone else stopped working on it but me. it works for mysql. p-g SQL work was just starting and doesnt work(code isnt there) - i should prob get back to doing some more of that later ). its just a matter of improving speed/etc(i never really noticed any slowdown with my database code but i was only testing on local system with 1 tremded and 3 clients open on the same pc makes it kinda hard to notice slowdowns(i had allof admin.dat converted at one time - messy at parts but converted). but the very nature of it i would expect slowdowns - threading code might help?)

And pubkey has been ruled out too.

whats wrong with pubkey.

[MitSugna]

Threading or another way to query the DB without blocking the game would help.
You send the query but don't wait for a reply. You continue to run the game and check for a reply regularly.

Also a 3rd party who everyone trusts is lol.

I think the master server is a 3rd party and if it fails no one can get the server list. But you can still connect to servers.
You don't send any valuable info to the master but at some point you need to rely on a third party. ... openid :/

[danmal]

Also I've long wanted a way to identify people across servers for sharing admins.
No one has yet come up with a workable system.  If anyone can think of any, then please do tell us.
(Needs to stop server admins impersonating people, so no disabling cl_guidServerUniq.  And pubkey has been ruled out too).

Ok, back on topic. A secure authentication system is not easy to implement if you have control of neither the clients nor the servers. IMHO the best would be a ticket system ala Kerberos, i.e. the client logs in to an authorization server, the authorization server grants the client a signed "ticket" which the client passes on to the game server. The game server verifies that the ticket comes from a trusted auth server and allows the login.

This way there's no trust needed between the client and the game server, both only have to trust the auth server. (Btw. the client doesn't need to transfer the passwd in cleartext to the auth server, there are ways to check the password without actually giving it away to the auth server).

This wouldn't even require one centralized auth server, there could be several alternative auth servers to choose from.

[UniqPhoeniX]

The auth server could be any other game server the current one trusts, a server it shares admins with.

[tjw]

Also I've long wanted a way to identify people across servers for sharing admins.
No one has yet come up with a workable system.  If anyone can think of any, then please do tell us.
(Needs to stop server admins impersonating people, so no disabling cl_guidServerUniq.  And pubkey has been ruled out too).

The only reason I left cl_guidServerUniq as a cvar instead of being always on is so that people could turn off server uniqueness if they wanted to use the same guid on servers that they trust.  For example, on their clan servers.  I don't know that anyone uses it though, so perhaps I should just remove that cvar.

[David]

The problem is, I'd have to toggle it every time.  And I'd forget eventually.

And I want the same GUID across all the official servers, and I also want the same GUID across all the MG server, but I don't want the evil MG Illuminati to be able to impersonate me on the official servers.

So we need a crap-ton more granularity for that to work.


Maybe some way I can map servers to use a different prefix?  So I can tell it that when connecting to 127.0.0.1:30720 instead of prefixing that, prefix "local" instead.  Or something.

[Lachu]

My idea is about some think rather like OpenID - our records are provided by one server and (in future) clients can read it or server can read and displays it.

I also told about Tremulous RTS. Storing data (ex. records) about each player can be helpful.

[Paradox]

Do you even read what you post?

I have been tempted to hit the big scary lock button 3 times today.