[MUD-Dev] RE: Login and Accounts

Matt Chatterley matt at mpc.dyn.ml.org
Wed Jul 22 01:38:23 CEST 1998


-----BEGIN PGP SIGNED MESSAGE-----


On 19-Jul-98 Mike L Kesl wrote:
> .. o O ( Logins and Accounts ) O o .
> (mlkesl 980716 - revised)
> (mlkesl 980711 - created)
> 
> Problem: What do we do when someone logs in...
> Goals: Allow a secure login for a single person.

Probably better stated as 'allow a more theoretically secure login for the
user' - still incorrect. Yes, a phrasing nitpick. Security is generally
imaginary, but there are certainly things which are desirable (in many
mindsets) to avoid. Unknown 2nd characters *are* within this category, at
least, for myself. People playing 'pass the character' too.
 
> 
> I propose that we have a system in which players have a single account. This
> account should somehow be linked to a verifiable identity. The most obvious
> way of doing this I can think of is by using email authentication.

I plan on doing just this myself. The downside of requiring email
authentication is of course that those without regular email access are gibbed.
Not a major concern for me - most people have email. I'm afraid it comes down
to being tough on those who don't. And those who rely on 'free' services such
as NotMail and Wah-ooh.
 
> .. ( email authentication ) .
> Under this system, a new player logs in and gives his account a name as well
> as a valid email address. The server then mails a randomly generated
> password to that address. The player receives this mail and reconnects to
> the server, where he connects as a normal player would using the password
> mailed to him. He will also be forced to change his password at that time.

Yup. The account-level login allows access to chracter-controls for me; you can
read your mail (mail sent to any character accumulates at the account level),
choose which character to play, delete a character, create a new character, and
so forth.
 
> I am currently thinking that we will have to allow addresses from the free
> email services as valid, as I am sure there are people who use such accounts
> as their sole form of email. This could be a problem as people might simply
> get new free email accounts in order to create multiple accounts. This same
> problem goes for those people who actually have more than one valid email
> account, such as myself.

I refuse to do so; part of the point in having the email address for myself, is
to have a handle on who they really are (or at least, one of the accounts they
use). You cause trouble? We can at least poke one of your sites. Multiple
accounts are a problem, yes, but not really one worth bothering dealing with -
the 'many to one' mapping of a single players connections to a given server is
not something likely to go away, nor is it something which you can easily cope
with.
 
> There has to be a way we can do this well...
> 
> An account is the player's account, it will hold all OOC info as well as
> provide them with the ability to participate in an OOC chat room, which will
> be the place for OOC conversations.

Yup. For me it does allow access to lines (all OOC), which are also available
from the character as well. This lets they just chat if they want (using fewer
resources, and putting no IC risk on the character).

> Each account can have a single character.

Or however many you want to allow.
 
> Each account might also have one or more of the following:
> a builder
> a ventriloquist?/storyteller?
> a dugeonmaster?/puppeteer?
> a god (which is simply all of the above?)

As above, whatever suits your purpose best.
 
> Perhaps each account will simply have a contributor ranking instead, where 0
> means that account can only be used to play, 1 might mean they would also
> build, all the way up to 10, which would be the for like the coders. Then,
> with that hierarchy established we could assume that an account of such and
> such rank was automatically granted the powers of all those ranks below his
> own. This is not good OOD, and maybe neither is the above idea.

Nod. This works. Currently I store this information in the actual characters,
though (a 'speed login' is available which drops you right into a character of
your choice from the start screen, providing total compatability with clients
which auto-login for you, and some backwards UI compatibility. Lack of this
would drive me spare, for one).

> Another thought that comes to mind is to use a composite model, where
> accounts are a composite of one or more "priviledges". Some examples are
> necessary to best illustrate this concept of composite design.
> 
>       Eg.             Account: Mike L Kesl    E-Mail: mlkesl at hotmail.com
>                       Priviledges:    builder, designer, coder
>                       
>                       Account: John Q Mud             E-Mail: john17 at usa.net
>                       Priviledges:    ooc, character
>                       
>                       Account: Mahst R Bilder E-Mail: mrbilder at leet.org
>                       Priviledges:    ooc, character, builder, helper
>                       
> Stuff like that...That does not seem like a bad one to me...*shrug*

Seems ok here, too.
 
> Those with different priviledges would be given different choices on the
> main menu. On the same note, those accounts connected as something other
> than character would be somewhat seperated from those connected as builders
> for example. This should be pretty helpful for everyone.

A good starting point. :)

- ---
        -Matt Chatterley
        http://user.itl.net/~neddy/
"You may say I'm a dreamer, but I'm not the only one.." -John Lennon (Imagine)

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQB1AwUBNbVCj0sWGgRW8+MZAQGrhgMAtTLT49RO0mfXUdZK3MqSBhI9DqjOOFA1
CNyC/6bBVNkjqucQqs+7tTcmkfUqht7kEifpzVONbwz/ebD18kfbNE3NTdDT2Abi
zsxlDXkw4tMkTA7sOsLiwKNEUNleG9Wg
=PpJv
-----END PGP SIGNATURE-----




More information about the mud-dev-archive mailing list