The identity problem has basically 2 modes of failure.
1) A user who does not own a name uses it anyway (the imposter).
2) A user who owns a name fails indentification and gets threated like an imposter.
You really need to avoid both reliable to not make the thing an annoying joke.
VSj wrote: a dynamically created Admin config could then be included with the Steam users current keyid in case the identification succeeded.
I've not tested this but from what I remember I think the dedcon's already present /login command could be exploited.
That is a nice idea, I did not think of before.
But "a dynamically created Admin config could [...] be included [...] in case the identification succeeded" does not stop imposters from using the name, only avoids failure 2.
To avoid failure 1 you would need to include a static Admin config and then override it later* by a dynamically created one (in case of a positive identification). But then you can't use /login for identification as the user will never be in possession of his name before using it to identify.
You would need to give every user a 2nd login he
has to use in order to get the rights for his real name. Maybe adding
Code: Select all
Admin Senator~123456~1~password
Admin fake Senator~~1~password
the faked name would do it, tought.
VSj wrote:Would the late included conf then even rename impostors to fake retrospectively?
Don't know either, but I know ForceName works that way. I mean it can be used at any time to rename a user by the server.
*Dont actually know what happens if dedcon gets 2 contradicting Admin lines, but they certainly don't just get overriden.