1. Forum
  2. Fidonet
  3. ALT.BBS.MYSTIC

  • Log on restrictions

    From Ivan Kovalenko@2:5057/53 to All on Tue Nov 12 20:58:00 2024
    Hello, All.

    Trying to figure out (if this is ever possible) how to configure Mystic to allow a sysop (s255) account to log on only via ./mystic -l , i.e. locally. Browsed the manual, whatsnew and wiki but still got no clue.

    Best regards, Ivan.


    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: Agency HUB, Dunedin - New Zealand (2:5057/53@fidonet)
  • From Nicholas Boel@4711:770/1 to Ivan Kovalenko on Wed Nov 13 04:16:58 2024
    Hello Ivan,

    On Tue, Nov 12 2024 12:58:00 -0600, you wrote:

    Trying to figure out (if this is ever possible) how to configure
    Mystic to allow a sysop (s255) account to log on only via ./mystic -
    l , i.e. locally. Browsed the manual, whatsnew and wiki but still
    got no clue.

    While I'm not completely sure on the answer you're looking for..

    It's possible this has never been addressed before, because:

    Why would you want to restrict access to your sysop account - the /only/ account that is able to do anything administrative (of course, if you
    don't allow sysop access to any other accounts)?

    Would another possibility be to use "Anonymous Login" or something to
    where you don't see the sysop's statistics mixed in with the rest of the users?

    Regards,
    Nick

    .... Take my advice, I don't use it anyway.

    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: Agency HUB, Dunedin - New Zealand (4711:770/1@fidonet)
  • From Ivan Kovalenko@2:5057/53 to Nicholas Boel on Thu Nov 14 14:48:22 2024
    Hello, Nicholas.

    13 Nov 24 06:16, you wrote to me:

    Hello Ivan,

    On Tue, Nov 12 2024 12:58:00 -0600, you wrote:

    Trying to figure out (if this is ever possible) how to configure
    Mystic to allow a sysop (s255) account to log on only via ./mystic -
    l , i.e. locally. Browsed the manual, whatsnew and wiki but still
    got no clue.

    Why would you want to restrict access to your sysop account - the
    /only/ account that is able to do anything administrative (of course,
    if you don't allow sysop access to any other accounts)?

    Well, not completely, I want to restrict s255 accounts from logging on
    remotely only, they shall still be able to log on locally. Tried to edit
    the prelogin menu, hoping there could be a way to tell the difference,
    but no luck.

    Best regards, Ivan.


    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: Agency HUB, Dunedin - New Zealand (2:5057/53@fidonet)
  • From Nicholas Boel@4713:770/1 to Ivan Kovalenko on Thu Nov 14 16:39:14 2024
    Hello Ivan,

    On Thu, Nov 14 2024 06:48:22 -0600, you wrote:

    Well, not completely, I want to restrict s255 accounts from logging on remotely only, they shall still be able to log on locally. Tried to edit
    the prelogin menu, hoping there could be a way to tell the difference,
    but no luck.

    I'm not sure it is currently possible.

    If you explain your situation a bit better, I may be able to suggest some kind of workaround.

    Above, you say "accounts". Do you plan on adding more than one full sysop accounts? If this is the case, you can use s250 for message and file area sysops, rather than giving them full sysop access.

    Or are you just a security junkie, and afraid that someone might hack the sysop
    account's password /and/ the sysop access password?

    Regards,
    Nick

    .... He who laughs last, thinks slowest.

    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: Agency HUB, Dunedin - New Zealand (4713:770/1@fidonet)
  • From Todd Yatzook@1:142/799 to Nicholas Boel on Fri Nov 15 08:54:50 2024
    On 14 Nov 2024, Nicholas Boel said the following...

    Hello Ivan,

    On Thu, Nov 14 2024 06:48:22 -0600, you wrote:

    Well, not completely, I want to restrict s255 accounts from logging on remotely only, they shall still be able to log on locally. Tried to edit the prelogin menu, hoping there could be a way to tell the difference, but no luck.

    I'm not sure it is currently possible.

    If you explain your situation a bit better, I may be able to suggest
    some kind of workaround.

    Above, you say "accounts". Do you plan on adding more than one full sysop accounts? If this is the case, you can use s250 for message and file area sysops, rather than giving them full sysop access.

    Or are you just a security junkie, and afraid that someone might hack
    the sysop account's password /and/ the sysop access password?

    Regards,
    Nick

    You can do that with an MPS or MPY script. Have it set at the beginning of your
    prelogin menu. Just have to have the script check if IP is set to something other than a configged IP to check against, like localhost or a machine's IP on
    your network and only trigger in the prelogin menu if the ACS is 255.


    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: Agency HUB, Dunedin - New Zealand (1:142/799@fidonet)
  • From Ivan Kovalenko@2:5057/53 to Todd Yatzook on Fri Nov 15 18:39:40 2024
    Hello, Todd.

    15 Nov 24 10:54, you wrote to Nicholas Boel:

    You can do that with an MPS or MPY script. Have it set at the
    beginning of your prelogin menu. Just have to have the script check if
    IP is set to something other than a configged IP to check against,
    like localhost or a machine's IP on your network and only trigger in
    the prelogin menu if the ACS is 255.

    Sounds reasonable and promising, thanks for the hint!

    Best regards, Ivan.


    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: Agency HUB, Dunedin - New Zealand (2:5057/53@fidonet)