Strong Authentication

From BZFlagWiki
Revision as of 19:24, 11 March 2007 by Joevano (Talk | contribs) (Formatting and spelling)

Jump to: navigation, search

To use strong auhentication on bzflag an infrastructure based on kerberos should be put in place.

kdc: is the kerberos Key Distribution Center, part of the mit-kerberos5 distribution. It should be unique, possibly with a slave configured, and for bzflag to work it should be configured to serve the realm BZFLAG.ORG . Your system needs to know where KDC is. So you should write a /etc/krb5.conf on Unix or krb5.ini on windows, with the following content:

[realms]

BZFLAG.ORG = {
        kdc = bryjen.bzflag.org
        admin_server = bryen.bzflag.org
}

This is temporary and will be changed whenever we decide on where to put it.

On the kerberos database should be created one principal (kerberos user) for any client and one principal for any server that should participate.

  • Server principal name should be #port/publicaddr@BZFLAG.ORG (like 5154/bzflag0.gamesunited.de@BZFLAG.ORG)
  • Client principal name should be clientName@BZFLAG.ORG (like c3po@BZFLAG.ORG)

When starting a public server it will try to authenticate using the value given in -port -publicaddr and -password

When starting a client, it will authenticate to the server if the bzdb variable: username & password are defined (in the bzfs config file). So write the following lines on your config:

set username yourName

set password yourSecret

If credentials are unmatched, you will be still logged as an untrusted user.