I am currently trying to setup a server where two factor authentication is mandatory for staff members, but seemingly non-existent to players. I feel this provides a good balance of security and usability. I attempted to create this by giving all players the flexiblelogin.bypass permission, and denying this permission for staff members. I enabled the "bypassPermission" setting in the config.conf file. When this didn't work, with all players being subject to "/register" spam upon join, I enabled the "playerPermissions" setting, which had no effect. I have verified multiple times that the flexiblelogin.bypass permissions is correctly assigned.
How can I ensure that all staff members are protected via 2fa, but that non-staff players aren't bothered by it?
bypassPermission=true
# Should only the specified commands be protected from unauthorized access
commandOnlyProtection=false
# Email configuration for password recovery
emailConfiguration {
# Username for the account you want to the email from
account=""
# Is password recovery using an email allowed
enabled=false
# Mail server
host="smtp.gmail.com"
# Password for the account you want to the email from
password=""
# SMTP Port for outgoing messages
port=465
# Displays as sender in the email client
senderName="Your minecraft server name"
# Email subject/title
subject="Your new Password"
# Email contents. You can use HTML here
text="New password for %player% on Minecraft server %server%: %password%"
}
# Algorithms for hashing user passwords. You can also choose totp
hashAlgo=totp
# Should the plugin login users automatically if it's the same account from the same IP
ipAutoLogin=false
# Custom command that should run after the user tried to make too many attempts
lockCommand=""
# How many login attempts are allowed until everything is blocked
maxAttempts=3
# How many accounts are allowed per ip-addres. Use 0 to disable it
maxIpReg=0
# Interval where the please login will be printed to the user
messageInterval=2
# The user should use a strong password
minPasswordLength=4
# Should this plugin check for player permissions
playerPermissions=true
# If command only protection is enabled, these commands are protected. If the list is empty all commands are protected
protectedCommands=[
op,
pex
]
# Teleport the player to a safe location based on the last login coordinates
safeLocation=true
# Database configuration
sqlConfiguration {
# Database name
database=flexiblelogin
# Password in order to login
password=""
# Path where the database is located. This can be a file path (h2/SQLite) or an IP/Domain (MySQL/MariaDB)
path="%DIR%"
# Port for example MySQL connections
port=3306
# SQL server type. You can choose between h2, SQLite and MySQL/MariaDB
type=H2
# It's strongly recommended to enable SSL and setup a SSL certificate if the MySQL/MariaDB server isn't running on the same machine
useSSL=false
# Username to login the database system
username=""
}
teleportConfig {
coordX=0
coordY=0
coordZ=0
# Should the plugin use the default spawn from the world you specify below
defaultSpawn=false
enabled=false
# Spawn world or let it empty to use the default world specified in the server properties
worldName=""
}
# Number of seconds a player has time to login or will be kicked.-1 deactivates this features
timeoutLogin=60
# Should the plugin save the login status to the database
updateLoginStatus=false
# How seconds the user should wait after the user tried to make too many attempts
waitTime=300
Hello,
I am currently trying to setup a server where two factor authentication is mandatory for staff members, but seemingly non-existent to players. I feel this provides a good balance of security and usability. I attempted to create this by giving all players the flexiblelogin.bypass permission, and denying this permission for staff members. I enabled the "bypassPermission" setting in the config.conf file. When this didn't work, with all players being subject to "/register" spam upon join, I enabled the "playerPermissions" setting, which had no effect. I have verified multiple times that the flexiblelogin.bypass permissions is correctly assigned.
How can I ensure that all staff members are protected via 2fa, but that non-staff players aren't bothered by it?
LuckPerms Version: 3.4.52 FlexibleLogin Version: 0.16.2 SpongeForge Version: 1.12.2-2529-7.0.0-BETA-2730 Modpack: FTB Horizons III
FlexibleLogin Config: