Bot::Cobalt::Plugin::Auth -- User management and auth plugin
This plugin provides the standard authorization and access control functionality for Bot::Cobalt.
A basic plugins.conf entry for this plugin:
Auth: Module: Bot::Cobalt::Plugin::Auth Config: auth.conf
auth.conf is the central configuration file for this plugin, including statically-configured superuser auth entries.
The SuperUsers directive specifies statically configured superusers, who receive access level 9999 by default and typically have access to the totality of the bot's functionality.
Users are specified per-context. Multiple masks can be specified as a list:
SuperUsers: Main: 'avenj': Mask: - '*avenj@*.oppresses.us' - '*avenj@*.cobaltirc.org' Password: '$2a$08$W19087w4d(. . . .)'
Password should be a hashed password. You can create them from the command line via
bmkpasswd from App::bmkpasswd, which this distribution depends on.
Opts defines a small set of password and database related options:
Opts: Method: 'bcrypt' Bcrypt_Cost: '08' AuthDB: 'db/authdb.yml'
Method is a string describing the preferred password hashing method for new passwords. Hashes are created via App::bmkpasswd --
bcrypt is the recommended method and guaranteed to be available.
If using bcrypt (see "Method"), the 'work cost factor' is configurable. Must be a two digit power of 2. Lower is faster (less secure), higher is slower (more secure).
The default work cost factor is '08' -- you can probably leave this alone.
Path (relative to the bot's
var/ directory) used to store user information (except for superusers).
Defaults to 'db/authdb.yml'
Required base access levels for specific operations.
RequiredPrivs: AddingUsers: 2 DeletingUsers: 2
/msg cobalt login <username> <password>
You must share at least one channel with the bot in order to log in.
You can change your own password at any time:
/msg cobalt chpass <oldpasswd> <newpasswd>
/msg cobalt user add <username> <level> <mask> <passwd>
New users can be added by anyone with at least
AddingUsers level (see "RequiredPrivs"). Users can only be added at levels below your own.
/msg cobalt user del <username>
Users can only be removed below your own access level (and you must have at least
DeletingUsers permissions -- see "RequiredPrivs")
/msg cobalt user chflags <username> +FLAG -FLAG [...]
Alter a user's marked flags; flags must be prefixed with + or - to indicate an addition or removal.
(As of this writing, flags are under-utilized in the Cobalt core distribution)
/msg cobalt user chpass <username> <passwd>
Alter a user's password manually. Only usable by superusers.
/msg cobalt user chmask <username> +*!*some@*.mask.example.org /msg cobalt user chmask <username> -*!*some@*.mask.example.org
Add or remove authorized masks for a particular user.
You can add or remove masks for yourself at any time, so long as you have at least "DeletingUsers" level (see "RequiredPrivs"). Altering masks for other users requires a higher access level than theirs.
Only one mask can be added or deleted at a time.
/msg cobalt user whois <nickname>
Find out if a nickname is currently logged in to the bot (and under what username / access level)
/msg cobalt user info <username>
Display user record information for a username.
/msg cobalt user list
Display the current user list.
Broadcast when a login is successful.
$context, $nickname, $username, $hostname, $authorized_level
Broadcast when a login fails.
$context, $nickname, $username, $hostname, "ERR_STR"
Where 'ERR_STR' is one of the following strings:
"NO_SUCH_USER" "NO_SHARED_CHANS" "BAD_HOST" "BAD_PASS"
Broadcast when a user is logged out, either manually or because the user was "lost" (no longer visible by the bot).
$context, $nickname, $hostname, $username, $authorized_level
Jon Portnoy <email@example.com>