1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • exec/rlogin.js

    From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Friday, August 09, 2024 21:40:08
    https://gitlab.synchro.net/main/sbbs/-/commit/c286eb9f79a2bd10e0383ab2
    Modified Files:
    exec/rlogin.js
    Log Message:
    Fixed typo

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Monday, October 21, 2024 11:32:07
    https://gitlab.synchro.net/main/sbbs/-/commit/454ef936c5163eece13fbe00
    Modified Files:
    exec/rlogin.js
    Log Message:
    The P, C, and v options would report 'unrecognized option'

    Fix for issue #798

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Tuesday, October 29, 2024 13:45:03
    https://gitlab.synchro.net/main/sbbs/-/commit/f654c1d758fad83eaa3d19b1
    Modified Files:
    exec/rlogin.js
    Log Message:
    Allow multiple uses of -c and -s options to built-up an auth string

    To solve problem of adding some kind of prefix/tag to a user alias when connecting to a door server. e.g. ?rlogin server -s [TAG] -s %a

    Hopefully you don't need/want a space separating the string elements, as
    that's not really doable with this solution.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Saturday, April 19, 2025 13:26:00
    https://gitlab.synchro.net/main/sbbs/-/commit/d9ec9756815cdaf1e29d8477
    Modified Files:
    exec/rlogin.js
    Log Message:
    Add -H <password> option, to send specified hashed-password

    ... rather than a hash of the *user's* password. This allows the local
    user to potentially change their password later without invalidating it on
    the RLogin server, assuming the RLogin server saves/reuses the specified password for subsequent authentication (as the Synchronet terminal server does).

    The existing -h option still works as before, but it's a known issue that if
    a user changes their password locally, they will no longer be able to re-authenticate with any RLogin servers they previously created accounts on using the previous password.

    With the -H option, the sysop is instead in control of the password used and since the resulting hash is from a combination and system and user unique source data (including optinal salt), as long the same -H password is not used for multiple 3rd party Rlogin servers, the hashed password should be secure from capture and reuse on any other RLogin server (or the local server).

    While the -h option might be slightly more secure (since a different user password is likely used for each generated hash), the -H option is less error-prone and still considered (by me) to be secure from password leaking
    and malicious reuse.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net