How to use TS3 auth system in a preexisting user base

[LuckyWS]

Mod edit:

This thread started out as a pool of problems that were associated with integrating TS3 with preexisting user bases. Some debating of possible solutions later we have people with success stories integrating user bases into TS3. I wrote a guide without the historical and irrelevant stuff for those of us interested how to do it today:

http://forum.teamspeak.com/showthread.php?t=56435



Original Post:
Im an avid supporter of teamspeak since its early days, but whoever came up with this "uniqueid" stuff needs to be shot.

I run a very large website with lots of users, if they are authenticated they behave because they know we know exactly who they are at all times.

Despite me hacking the SQL since you only send this uniqueid which means nothing to us serverside and the nickname is irrellevant to me, there is no way of gaining any form of control without the permanant employment of moderators.

I would really like you to consider a few of the following solutions:

Solution One
Send the IP/Port via serverquery that way at least we can get a recognition, albiet one which can be circumvented by the cunning, it at least is a start.

Solution Two
Allow an optional username/password value to be sent

Before someone replies with "tokens" and the like, this is not suitable - My motto is that users are stupid, and that we as server admins should do everything that is programatically in our power to make users life easier, this reduces support and makes the world a better place.

I love TS3, the quality, interface, its great - but I need to know who is who to maintain some law and order without the added cost of moderators.

I offer you my wife and three kids for consideration of this issue which I consider to be major!

[PeterW]

There is a very big difference to the old system!

With TS2 it was very easy to connect TS to an external user database. You just needed to sync id and password. For everyone else the server was closed. This could all be done automatically with programs and scripts. The user just could enter his login data he already uses for web/forum/whatever.

With TS3 such a simple system is no longer possible. With scripting you can make it a bit easier, but in the end it is more work for admins and users. Users really don't care about saving their identity. They reinstall windows and recognize the rights on TS are gone.

I really hope the TeamSpeak developers will think about this again and add the option to switch to a simple username/password system.

[LuckyWS]

don't understand your problems. there is not so much a difference. just that in ts3 your "password" is your private key. and every user is can be hold for his actions, just ban the id.

You are right 100% - BUT as a serveradmin WE need to know this prior to connection, not after.

I must stress that my site has way over 20,000 members, and is not a 5 man clan thing - On this level its not ready for implementation, and I hope that this small change can be implemented, because programatically its not alot to ask, nor would much work be involved to give us this option.

I really hope that one of the developers reads and takes note of this.... just please provide us with something we can use to properly auth serverside based on accounts WE choose, and not the end user.

EDIT : I would like to add, that for all of my portable computers I need a seperate SA identity, this according to scientists will cause cancer and rectal bleeding, another reason for proper accounts; the username and password system globally is a success because it works, lets stick with it eh?

You can still have the wife btw!

[Texhex]

ok first, do your wife know that you are offering her for code?

i think i got your problem know and i can think of two solutions which are in my eyes doable by a user.

1.
Provide an extra input field at registration which says "Your TS3 Public ID", this input field you can sync with your TS3 database.

2.
I know you don't want to hear anything about tokens. but hey to activate a token this is a way of 3 Clicks. You can generate a token on click by the user in there prefernences screen and send it then by mail to him.

[LuckyWS]

ok first, do your wife know that you are offering her for code?

i think i got your problem know and i can think of two solutions which are in my eyes doable by a user.

1.
Provide an extra input field at registration which says "Your TS3 Public ID", this input field you can sync with your TS3 database.

2.
I know you don't want to hear anything about tokens. but hey to activate a token this is a way of 3 Clicks. You can generate a token on click by the user in there prefernences screen and send it then by mail to him.

Hi,

A constructive reply - however point 1 relies on users doing things, you cannot trust users to do anything right, for most yes, but the 20% that are too stupid to read will cock it up and fill my inbox with more crap, and it already takes me 4 hours a day to read the viagra stuff (85% off now u know).

2 . Same as above - my users need to know just thier username and password, if you give them anymore information they explode, really they do - its messy, blood and guts everywhere.

We as the programmers must take away all users inputs where possible, this is the foundation of good programming, and one which has been overlooked.

Let us not forget that this issue is also causing global warming since we are all spending time and power pondering this issue. Greenpeace will be lobbying us soon, mark my words.

As for the wife - its a need to know basis, and she doesnt need to know. (plus i recently bought a dishwasher)

[PeterW]

Of Cause in this solution members of a website must add there public userid to profile...

That's the point -> more work for the user -> more that can go wrong -> more support to give -> more work for the admins.

[LuckyWS]

That's the point -> more work for the user -> more that can go wrong -> more support to give -> more work for the admins.

See, why cant i post simple things like that. I love you PeterW

[Peter]

Hi,

there are a couple of possibilities:

Solution One
Send the IP/Port via serverquery that way at least we can get a recognition, albiet one which can be circumvented by the cunning, it at least is a start.

I think you are right, the ability to query for a clients IP address is missing, we will certainly add it.

Solution Two
Allow an optional username/password value to be sent

This is also possible...you can write a plugin or lua script for the ts3 client that will send along any data in the client_metadata field. The question is how you deliver this to you users in a way that makes things simpler, so I guess this solution is not very viable in your setup.

Solution Three:
As mentioned, have the users submit their uniqueID on the web page, maybe you could write a little script for them that automatically fetches it.

Solution Four:
You could have a bot client on your server (implemented via client plugin or lua script), that automatically whispers to any newly connected users and asks them for their username and password in private chat...if they authenticate correctly the bot automatically grants them their designated permission groups...and as long as they don't enter this data correctly their permissions are set up that they are stuck in a room they can not talk in and basically can do only one thing: talk to the bot. Users that fail to authenticate after a certain period of time can be kicked/banned of course. Also you need not clutter your lobby with these users, you can have them moved to a different channel where the bot deals with them.

Notes on the Authentification System:
I agree fully that the new authentification method via public/private key is something that many people need to "wrap their head around", since they are so used to loginname/password systems. And for some cases, it might even be more work (maybe in your case?) - but it DOES come with many very real and very good benefits that, in my opinion, make it a good choice, so please don't attack the system itself without considering its merits. And I will not shoot myself

[LuckyWS]

Im not knocking it as such - its just its not suiting my needs.

However, sort that IP via the queery ;-) interface and I will be a happy bunny, because this will be find for authentication for me as I have other application that WILL be logged in at the time of auth, and therefore this makes life easier, stops the cancer, greenpeace, and that recal bleeding I wa stalking about earlier.

Remove the Gun, and Open the Source Code!

[PeterW]

I think we all agree there are many solutions to get the new system into an existing username/password environemnt. It's just not that simple and easy anymore.

And I think we also all know that both systems have their advantages. It just depends on the environment you are using TS in.

So why not just add both systems? Provide two additional textboxes in the login window. Servers running on the new authentication system don't care what's in there and servers using the "old" system can use it to authenticate the user.

[LuckyWS]

I think we all agree there are many solutions to get the new system into an existing username/password environemnt. It's just not that simple and easy anymore.

And I think we also all know that both systems have their advantages. It just depends on the environment you are using TS in.

So why not just add both systems? Provide two additional textboxes in the login window. Servers running on the new authentication system don't care what's in there and servers using the "old" system can use it to authenticate the user.

xxxxx & hugs

[Dutch_com_freak]

Solution Two
Allow an optional username/password value to be sent

Before someone replies with "tokens" and the like, this is not suitable - My motto is that users are stupid, and that we as server admins should do everything that is programatically in our power to make users life easier, this reduces support and makes the world a better place.

yes..... if for some reason people lose there token (and they will!) and not have a backup (and they wont have it! its always the same) you will have to assign all priv's again. While in TS2 you would only have to reset there password...

Letting users keep there own details (as files on the computer) is usually a bad thing...... There are all sorts of ways to lose this data... (Harddisk crash, Bad write, reinstall windows, just plain supidity, bad read......)

TS please put an account system back in place

[LuckyWS]

yes..... if for some reason people lose there token (and they will!) and not have a backup (and they wont have it! its always the same) you will have to assign all priv's again. While in TS2 you would only have to reset there password...

Letting users keep there own details (as files on the computer) is usually a bad thing...... There are all sorts of ways to lose this data... (Harddisk crash, Bad write, reinstall windows, just plain supidity, bad read......)

TS please put an account system back in place

I love you too xxx

See, I think with all this love in the air they should add and send us these two small variables, and to be nice we will let you send a uniquid (we just wont use it )

[Hiigara]

Short story, I'm a member of a big corporation in the game called "Eve-Online", also, I am the guy that takes care of corporation forum and killboard.
With TS2, it was very easy, the forum used the eve-online api features to determine if a player is a member of "our" corp when registering to "our" forum and also add that player to TS2 user list using the same user/password.
Also because of the same features provided by eve-online api, it was possible to keep the Forum/TS userlist "clean", if a member left/was kicked from the corporation the Forum/TS2 user list was automaticaly updated.

So far, I cannot see any methods to integrate such behavior in TS3, the current auth method doesn't scale, and I cannot provide a "secure" environment that can be in sync with the existing auth methods (eve online api user/key -> successful forum registration/user deletion -> TS client using the same user/password as on forum)

The token system is great on paper, but it really doesn't scale.

[LuckyWS]

I am glad I am not alone in this.

I am very dissapointed that nobody has offered to take the wife away also :-)

The bottom line is on scale, when anonynominititiitytytyyty (you know what i mean) is not viable, TS3 is not worthy just yet; but I am sure you TS3 Developers love us enough to rectify this right? Give us a morsal of hope.

You will have to cover any shipping expenses, and I wont lie, its expensive to run and maintain, and has a bug which causes it to nag constantly - but its free :-) (The Wife, not TS3)