home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Tech Arsenal 1
/
Tech Arsenal (Arsenal Computer).ISO
/
tek-20
/
bb21c.zip
/
AUTHENT.DOC
< prev
next >
Wrap
Text File
|
1992-04-02
|
2KB
|
56 lines
Authentication is now provided for all levels of users. This is
controlled by the AccessControl field of the user's record ORed with the
same field from the port.
Possible authentication levels are:
S - Authentication need for SEND command
A - Authentication need for access to the BBS
B - Authentication need for BBS Status (not implemented yet).
R - Authentication need for remote sysop
These flags are set for users using the EU command. For ports, use the
ACCESS_CONTROL parm in PARMS.BB
Since the flags are "ORed", if a port requires authentication for SEND
command and the user does not, the port specification will hold.
Note that once you have authenticated, all future operations which
require authentication will succeed. SO if a port requires all users
and send commands to be authenticated, the send command will work
without additional authentication since the user already did it to get
on.
Modem users will NOT be asked to authenticate since they already have by
entering their modem password.
PASSWORDS
---------
These are contained in file pointed to by PASSWORD_FILE in PARMS.BB.
Each password is on a separate line. The first token of the line is the
callsign. The rest of the line is the password (leading blanks are
removed. Example:
AA4RE My password is this whole thing. It starts with the "M" in "My".
Passwords must be at least 7 characters long but should be much longer.
When the user is asked to authenticate, he will be prompted for the
password and given five numbers. The five numbers correspond to letters
in the password and this is the reply that must be given. Note that
blanks count but will never be prompted for.
Example:
If my password is shown as above and the system says 1 8 13 21 35 then I
must reply MwiwI.
The system will continue to prompt for a password until a null line is
given. This allows you to answer with several bad passwords and one
good one. Someone monitoring the conversation would then not know which
was valid and which was not. This idea was adapted from the NETROM
system.
You can issue a "?" during the authentication process to ensure that you
have succeeded.