Hello,

Basically all I want to do is bypass the user login process. I would like to use the username and password passed through RLOGIN.

I am trying to use Synch as a door server only and be as streamlined as possible. I don't want any prompts for password setting, real names, etc. I have used the SCFG to toggle as much as this stuff off but it is still generating the random password, etc.

Thanks

---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

Re: Bypassing newuser questions for Rlogin door server
By: zandus to All on Sat Oct 10 2015 06:34 pm

Hello,

Basically all I want to do is bypass the user login process. I would like to use the username and password passed through RLOGIN.

I am trying to use Synch as a door server only and be as streamlined as possible. I don't want any prompts for password setting, real names, etc.
I have used the SCFG to toggle as much as this stuff off but it is still generating the random password, etc.

When logging on with an unrecognized username via RLogin, the new user process is started with the username and password supplied by the RLogin client. If the password supplied by the RLogin client does not meet the requirements of the system (e.g. if it exists in text/password.can or is too short or obvious), then Synchronet will generate a random password for the user.

I'm not sure what you mean by "etc.", but if you have a specific prompt you have questions about disabling, please specify.

For most of the Yes/No style prompts, you can disable them by setting the question string to a blank/empty string ("") in your ctrl/text.dat file. That might provide the "streamlining" you're looking for.

digital man

Synchronet "Real Fact" #10:
DOVE-Net was originally an exclusive ("elite") WWIVnet network in O.C., Calif. Norco, CA WX: 82.7øF, 35.0% humidity, 3 mph WNW wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Thanks for the reply,

Essentially what I would like is the newuser process to be virtually eliminated by simply using the username and password supplied by RLOGIN.

I think my issue is with the password generation scheme as it is now. Is there a way of lessening the security on the password so that the random password is never generated and Synchronet merely goes along with whatever is passed?

---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

Re: Bypassing newuser questions for Rlogin door server
By: zandus to Digital Man on Mon Oct 12 2015 10:40 am

Thanks for the reply,

Essentially what I would like is the newuser process to be virtually eliminated by simply using the username and password supplied by RLOGIN.

I think my issue is with the password generation scheme as it is now. Is there a way of lessening the security on the password so that the random password is never generated and Synchronet merely goes along with whatever is passed?

You can "loosen" the password requirements by deleting or renaming your text/password.can file. Other password requirements (e.g. that the password cannot contain the system name or the user's alias) cannot be removed without modifying the C++ source code (str.c).

digital man

Synchronet "Real Fact" #48:
Synchronet program was named 'sbbs' instead of 'sync' to avoid conflict w/Unix. Norco, CA WX: 87.8øF, 37.0% humidity, 11 mph SE wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

El 12/10/15 a las 20:10, Digital Man escribió:

Re: Bypassing newuser questions for Rlogin door server
By: zandus to Digital Man on Mon Oct 12 2015 10:40 am

Thanks for the reply,

Essentially what I would like is the newuser process to be virtually eliminated by simply using the username and password supplied by RLOGIN.

I think my issue is with the password generation scheme as it is now. Is there a way of lessening the security on the password so that the random password is never generated and Synchronet merely goes along with whatever is passed?

You can "loosen" the password requirements by deleting or renaming your text/password.can file. Other password requirements (e.g. that the password cannot contain the system name or the user's alias) cannot be removed without modifying the C++ source code (str.c).

digital man

maybe, can use a custom shell that silent create the user?

---
þ Synchronet þ Dock Sud BBS TLD 24 HS - http://www.docksud.com.ar - telnet://bbs.docksud.com.ar

Likely beyond my abilities at this time. All I want to do is get rid of the random password and use the one passed by rlogin.

Too bad it's not more simple.

---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

Likely beyond my abilities at this time. All I want to do is get rid of the random password and use the one passed by rlogin.

One way to achieve what you're looking for would be to pre-create the user on your Synchronet BBS (or change the user's password if they already exist there) before passing them along via rlogin.

What kind of BBS are these rlogin sessions originating from? Do you have the ability to execute an external program (a script) prior to initiating the rlogin connection?

---
echicken
electronic chicken bbs - bbs.electronicchicken.com - 416-273-7230

---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

I see newuser_signup.js which seems to contain what I am looking for, but is this implemented yet?

---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

One way to achieve what you're looking for would be to pre-create the user on your Synchronet BBS (or change the user's password if they already exist there) before passing them along via rlogin.

What kind of BBS are these rlogin sessions originating from? Do you have the ability to execute an external program (a script) prior to initiating the rlogin connection?

---
echicken
electronic chicken bbs - bbs.electronicchicken.com - 416-273-7230

Originating from a Worldgroup BBS on the same machine. No easy way for me to execute much of anything before the rlogin is passed to Synchronet.

---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

Re: Re: Bypassing newuser questions for Rlogin door server
By: zandus to zandus on Sun Oct 18 2015 07:22 pm

I see newuser_signup.js which seems to contain what I am looking for, but is this implemented yet?

It's not used normally by Synchronet. That's an experimental JS-only replacement for the new user registration process in the terminal server.

digital man

Synchronet "Real Fact" #46:
The Synchronet Museum is online at http://wiki.synchro.net/history:museum: Norco, CA WX: 64.0øF, 91.0% humidity, 0 mph SE wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Re: Re: Bypassing newuser questions for Rlogin door server
By: zandus to echicken on Sun Oct 18 2015 07:24 pm

One way to achieve what you're looking for would be to pre-create the user on your Synchronet BBS (or change the user's password if they already exist there) before passing them along via rlogin.

What kind of BBS are these rlogin sessions originating from? Do you have the ability to execute an external program (a script) prior to initiating the rlogin connection?

Originating from a Worldgroup BBS on the same machine. No easy way for me to execute much of anything before the rlogin is passed to Synchronet.

And do you know what's wrong with the passwords (e.g. why Synchronet isn't accepting them)?

digital man

Synchronet "Real Fact" #12:
Synchronet was the first BBS software to ship with internal QWK networking. Norco, CA WX: 64.0øF, 91.0% humidity, 0 mph SE wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Re: Re: Bypassing newuser questions for Rlogin door server
By: zandus to zandus on Sun Oct 18 2015 07:22 pm

I see newuser_signup.js which seems to contain what I am looking for, but is this implemented yet?

Not yet.. Heh. Deuce and I were working on it for a while, but it's still incomplete as of yet.

)))[Psi-Jack -//- Decker]

... I often quote myself; it adds spice to my conversation.

---
þ Synchronet þ Decker's Heaven -//- bbs.deckersheaven.com

Re: Re: Bypassing newuser questions for Rlogin door server
By: zandus to echicken on Sun Oct 18 2015 07:24 pm

And do you know what's wrong with the passwords (e.g. why Synchronet isn't accepting them)?

digital man

Synchronet "Real Fact" #12:
Synchronet was the first BBS software to ship with internal QWK networking. Norco, CA WX: 64.0°F, 91.0% humidity, 0 mph SE wind, 0.00 inches rain/24hrs

---
â–  Synchronet â–  Vertrauen â–  Home of Synchronet â–  telnet://vert.synchro.net
It's not so much a case of the passwords not being accepted, it is Synchronet's generation of a random password and prompting the user for one.

What I want is for Synch to just use the RLOGIN username and password provided to it and not to prompt the user for that information whatsoever. The RLOGIN process should be totally seamless, which is kind of the whole point.

---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

Re: Re: Bypassing newuser questions for Rlogin door server
By: zandus to Digital Man on Mon Oct 19 2015 11:06 pm

Re: Re: Bypassing newuser questions for Rlogin door server
By: zandus to echicken on Sun Oct 18 2015 07:24 pm

And do you know what's wrong with the passwords (e.g. why Synchronet isn't accepting them)?

It's not so much a case of the passwords not being accepted, it is Synchronet's generation of a random password and prompting the user for one.

Synchronet only generates a password for the new (RLogin) user if the password provided (via RLogin) is somehow considered insufficient.

What I want is for Synch to just use the RLOGIN username and password provided to it and not to prompt the user for that information whatsoever. The RLOGIN process should be totally seamless, which is kind of the whole point.

I guess I will try askin again: Is Synchronet displaying a message to the new user about the password being too short or too obvious or giving *some* indication why it's not using the Rlogin-supplied password for the new user account?

digital man

Synchronet "Real Fact" #81:
Flapuebarg unf vagreany ebg13 fhccbeg sbe fhcresvpvnyyl rapelcgvat grkg.
Norco, CA WX: 63.5øF, 77.0% humidity, 1 mph W wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Synchronet is not giving any indication whatsoever that the RLOGIN password is insufficient.

I was unaware that it only generates a password if the RLOGIN password is deemed "insufficient." I will try with several different RLOGIN passwords to see what the issue is. Deleting the password.can file did not seem to change this behaviour.

---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

On my setup, with a 8 character password supplied by RLOGIN, I get through the registration process and then:

Your password is W8RGOK2S

Write down your password and keep it confidential.

Enter this password for verification:

There is not even a prompt to deny using the random password at all, it is demanded. This is with the default password.can in the TEXT directory.

---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

Re: Re: Bypassing newuser questions for Rlogin door server
By: zandus to zandus on Thu Oct 22 2015 12:03 am

On my setup, with a 8 character password supplied by RLOGIN, I get through the registration process and then:

Your password is W8RGOK2S

Write down your password and keep it confidential.

Enter this password for verification:

There is not even a prompt to deny using the random password at all, it is demanded. This is with the default password.can in the TEXT directory.

Are you sure a password is actually being passed via RLogin?

Do you see a line similar to the following in your Terminal Server log output: Node 1 Rlogin UKNOWN USER: 'someuser' (password: somepass)
???

If so, what does it say?

If a valid and sufficiently-secure password is passed via RLogin, Synchronet will use that and not even bother generating a random one, for the new user.

If a password is supplied by the RLogin client, but is not determined to be sufficiently-secure, the Terminal Server will display a message to the user to this effect (e.g. PasswordTooShort or PasswordInvalid from your ctrl/text.dat file) before then generating a random password.

If a password is randomly-generated *and* the user is not given the option to use their own password, then either you have SCFG->System->Users Can Change Password set to "No" or you have the NewPasswordQ line in your ctrl/text.dat file set to a blank string.

digital man

Synchronet "Real Fact" #27:
Rob Swindell's first computer was a Commodore VIC-20 (1980).
Norco, CA WX: 66.4øF, 66.0% humidity, 3 mph SSW wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Ugh, OK I figured this one out. Something is going on from the Worldgroup RLOGIN side of things. Synchronet is showing the rlogin user and password to be the same string.

For instance, user "foobar" is showing the password as "foobar" as well.

The thing that threw me is that any consecutive rlogin after the newuser process seems to work OK, no matter what the password is. I could go in with the user editor and change that password after the fact and no matter what, the user will be able to login despite Synchronet seeing the password to be the same as their username. Bad assumption on my part that RLOGIN was sending the password correctly.

I am assuming there are no RLOGIN options in Synchronet for fixing the (non standard?) RLOGIN data it is receiving? I remember a "2nd username" option or something in the past that was removed at some point.

Thanks for all the help

---
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

Re: Re: Bypassing newuser questions for Rlogin door server
By: zandus to Digital Man on Thu Oct 22 2015 10:43 pm

Ugh, OK I figured this one out. Something is going on from the Worldgroup RLOGIN side of things. Synchronet is showing the rlogin user and password to be the same string.

For instance, user "foobar" is showing the password as "foobar" as well.

The thing that threw me is that any consecutive rlogin after the newuser process seems to work OK, no matter what the password is. I could go in with the user editor and change that password after the fact and no matter what, the user will be able to login despite Synchronet seeing the password to be the same as their username. Bad assumption on my part that RLOGIN was sending the password correctly.

I am assuming there are no RLOGIN options in Synchronet for fixing the (non standard?) RLOGIN data it is receiving? I remember a "2nd username" option or something in the past that was removed at some point.

Actually, passing the password via RLogin is not exactly a "standard" either. If the Worldgroup BBS is running on the same computer, you could add the source IP address (probably 127.0.0.1) to your ctrl/rlogin.cfg file. This would automatically authenticate based on user-name only (no password needed) for RLogin connections from that IP address.

digital man

Synchronet "Real Fact" #27:
Rob Swindell's first computer was a Commodore VIC-20 (1980).
Norco, CA WX: 64.7øF, 86.0% humidity, 3 mph ESE wind, 0.00 inches rain/24hrs

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net