pwcache is not working

Issue #99 wontfix
Justin Schwartz created an issue

expected (1.4.4) behavior: logging in during billing outage will check your password against the cache and authenticate you correctly, protecting your account and not forcing you to use a ^name.

actual (tip) behavior: logging in during billing outage on a cached name will return incorrect password. logging in on a new name will work.

guess what, another module using the obscure persist interface that is tedious to debug. pwcache and auth_file are loaded, as they were on the 1.4.4 server. tried one name already listed in auth_file and one not, both return incorrect password.

Comments (2)

  1. Justin Schwartz reporter
    • removed version

    grumble grumble something occurred to me. The timing was around when we upgraded to 1.5.0rc1 but I think that just threw us off the real culprit: the full biller identity being sent to the zone causes Continuum to hash the password, and the hash will be different when the biller sends a different identity--so the password that gets cached is useless because it'll only be good for a few minutes.

    this might mean that pwcache has to be written off for zones running billing_ssc, unless they also want to forfeit redirect (but I doubt ssc would prefer plaintext passwords being sent to any zone anyway.)

    a possibility, though the security implications are probably dubious, is caching the biller identity along with the password, and sending that to the player during the login sequence when the biller is down only, thus perhaps causing Continuum to send the same hash, assuming there's no pesky details about that. this is still probably not preferred because it would probably disable the warning about the zone not being connected to SSC. need political guidance before proceeding.

  2. Former user Account Deleted

    Stag says the key is setting SupportDemographics = 1 in the S2B packet.

    Unless we start having problems with ssc zones losing biller (I can't even remember when it last happened in PB), I suggest wontfix
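
The failure mode described in comment 1, as an added example that is not part of the original thread or the project's own code: a zone-side cache that stores whatever credential blob the client sent stops matching once the client's hash depends on a biller identity that changes. HMAC-SHA256 stands in for the client's hashing, which the page does not specify, and `client_login_blob`, `PwCache` and `simulate_outage` are hypothetical names.

```python
import hashlib
import hmac


def client_login_blob(password: str, biller_identity: bytes) -> bytes:
    """What the client sends at login once it has been given a biller identity.

    Assumption: HMAC-SHA256 is a stand-in; the real client algorithm is not
    described on the page. Only the property matters here: the output
    depends on both the password and the identity.
    """
    return hmac.new(biller_identity, password.encode(), hashlib.sha256).digest()


class PwCache:
    """Hypothetical cache: remembers the blob seen on the last approved login."""

    def __init__(self):
        self._seen = {}

    def remember(self, name: str, blob: bytes) -> None:
        self._seen[name.lower()] = blob

    def check(self, name: str, blob: bytes) -> str:
        cached = self._seen.get(name.lower())
        if cached is None:
            return "not_cached"  # nothing to compare against (a new name)
        # Constant-time comparison of the cached blob and the presented one.
        return "match" if hmac.compare_digest(cached, blob) else "mismatch"


def simulate_outage(password: str, id_when_cached: bytes, id_at_outage: bytes) -> str:
    """Cache a login made under one identity, then retry it under another."""
    cache = PwCache()
    cache.remember("Player", client_login_blob(password, id_when_cached))
    return cache.check("player", client_login_blob(password, id_at_outage))


if __name__ == "__main__":
    # Constructed sample values, not real identities or passwords.
    print(simulate_outage("hunter2", b"identity-A", b"identity-A"))  # same identity
    print(simulate_outage("hunter2", b"identity-A", b"identity-B"))  # identity changed
    print(PwCache().check("newname", b"anything"))                   # never cached
```

The `mismatch` result is the "incorrect password" seen on a cached name, and `not_cached` is the new-name case that the report says still works. Replaying the cached identity, as comment 1 proposes, corresponds to the first call, which also means the cached blob is usable as a credential by anyone who obtains it.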
