Difference between revisions of "Authentication"

From Mumble Wiki
(Created page with '== Authentication Methods == As of version 1.2.0, Mumble supports strong encryption and authentication based on certificates instead of passwords. There are three levels to auth…')
 
Line 2: Line 2:
  
 
As of version 1.2.0, Mumble supports strong encryption and authentication based on certificates instead of passwords. There are three levels to authentication scenarios in Mumble now:
 
As of version 1.2.0, Mumble supports strong encryption and authentication based on certificates instead of passwords. There are three levels to authentication scenarios in Mumble now:
 +
 +
=== No Password Set, Certificate in Client ===
 +
 +
If a client is registered to a user name by another user (or themselves, if privileges allow) from inside the Mumble client (by right clicking on the user, or themselves, and clicking "Register"), the account is created with no password but the certificate is connected to that account and only a user with that certificate will be able to connect as that user.
  
 
=== Password Set, No Certificate in Client ===
 
=== Password Set, No Certificate in Client ===
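Review bot: the section added at the top of this hunk, "No Password Set, Certificate in Client", states that only a user with that certificate can connect as that user but gives no pointer for the case where the certificate is lost. Since the account is created with no password, add a link to "Replacing Lost or Expired Certificates" at the end of the paragraph.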
Line 10: Line 14:
  
 
There's still no way to set a password for an account other than SuperUser from Mumble or Murmur itself - you'll need an [[3rd Party Applications |administration package]] to do that. If you don't have one, the next scenario is much more likely.
 
There's still no way to set a password for an account other than SuperUser from Mumble or Murmur itself - you'll need an [[3rd Party Applications |administration package]] to do that. If you don't have one, the next scenario is much more likely.
 
=== No Password Set, Certificate in Client ===
 
 
If a client is registered to a user name by another user (or themselves, if privileges allow) from inside the Mumble client (by right clicking on the user, or themselves, and clicking "Register"), the account is created with no password but the certificate is connected to that account and only a user with that certificate will be able to connect as that user.
 
  
 
=== Password Set, Certificate in Client ===
 
=== Password Set, Certificate in Client ===
  
If your client has a certificate in it, and you log into an account that has a password on it for the first time, then you will be prompted for a password. Once the correct password is entered, the certificate is attached to that account on the server - any user connecting from that same client certificate will not need a password from that point on.
+
If your client has a certificate in it, and you log into an account that has a password on it for the first time, then you will be prompted for a password. Once the correct password is entered, the certificate is attached to that account on the server - any user connecting from that same client certificate will not need a password from that point on.== Replacing Lost or Expired Certificates ==
 
 
== Replacing Lost or Expired Certificates ==
 
  
 
As stated in the last scenario, if you replace your certificate for some reason then the certificates will not match. If you have a strong certificate (signed by a trusted certificate provider, such as StartSSL) and the email address matches the old one, then the certificate will be updated without a password being required.
 
As stated in the last scenario, if you replace your certificate for some reason then the certificates will not match. If you have a strong certificate (signed by a trusted certificate provider, such as StartSSL) and the email address matches the old one, then the certificate will be updated without a password being required.
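Review bot: in the added paragraph under "Password Set, Certificate in Client" the next heading is fused onto the end of the sentence ("from that point on.== Replacing Lost or Expired Certificates =="), so it will not render as a heading; it needs its own line. Moving "No Password Set, Certificate in Client" out of this position also leaves "the next scenario is much more likely" pointing at "Password Set, Certificate in Client", which needs the password the same sentence says cannot be set without an administration package; name the intended scenario instead.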
Line 27: Line 25:
 
== Getting a Strong Certificate from StartSSL ==
 
== Getting a Strong Certificate from StartSSL ==
  
You can use a strong certificate with Mumble if you have one - most of them are paid, but [https://www.startssl.com/ StartSSL] offers free certificates. Simply visit the [https://www.startssl.com/ StartSSL] website, click the little key up in the right hand side and it'll walk you through the process of creating one and importing it into your browser. If you're using Firefox, you can then export the key by going Tools; Options; Advanced; Encryption and then clicking view certificates. Pick your new certificate and click "Backup", then save it somewhere Mumble can access it.
+
You can use a strong certificate with Mumble if you have one - most of them are paid, but [https://www.startssl.com/ StartSSL] offers free certificates. There are [[Obtaining a StartCom Certificate|instructions on obtaining a strong certificate]].
 
 
Then repeat the Mumble Certificate Wizard, import your new certificate and connect to the server.
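Review bot: replacing the inline StartSSL walkthrough with the link also drops the closing step, "Then repeat the Mumble Certificate Wizard, import your new certificate and connect to the server", so this page no longer says how the new certificate gets into Mumble. Keep that sentence after the link, or confirm the linked page ends with it.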
 

Revision as of 23:38, 27 July 2010

Authentication Methods

As of version 1.2.0, Mumble supports strong encryption and authentication based on certificates instead of passwords. There are now three authentication scenarios in Mumble:

No Password Set, Certificate in Client

If a client is registered to a user name from inside the Mumble client, either by another user or by the user themselves if privileges allow (right-click the user and choose "Register"), the account is created with no password. The certificate is attached to that account, and only a user with that certificate will be able to connect as that user.

Password Set, No Certificate in Client

If a user's account is created using an external administration program with a password set, and they have not created a certificate in their client, then Mumble will authenticate much as it did in 1.1.x and earlier. The password is not saved, and must be entered every time you connect.

As of 1.2.1, Mumble will always automatically generate a certificate, even if you terminate the certificate wizard - so this scenario is increasingly unlikely.

There's still no way to set a password for an account other than SuperUser from Mumble or Murmur itself - you'll need an administration package to do that. If you don't have one, the "No Password Set, Certificate in Client" scenario is much more likely.

Password Set, Certificate in Client

If your client has a certificate in it, and you log into an account that has a password on it for the first time, then you will be prompted for a password. Once the correct password is entered, the certificate is attached to that account on the server - any user connecting from that same client certificate will not need a password from that point on.

Replacing Lost or Expired Certificates

As stated in the last scenario, if you replace your certificate for some reason then the certificates will not match. If you have a strong certificate (signed by a trusted certificate provider, such as StartSSL) and the email address matches the old one, then the certificate will be updated without a password being required.

If you have another certificate generated by Mumble, then you'll need the password to the account to update your certificate on the server. For this reason, if you're not using account passwords (say, you have no administration package installed), you'll want to make sure you back up your certificate and key and keep them in a safe place.
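The scenarios and the certificate-replacement rules above, modelled as an added example (not Murmur's code). The class and field names, the SHA-256 fingerprint and the PBKDF2 password storage are assumptions made for the model.

```python
# Added model of the login rules described on this page; not Murmur's code.
# Field names, the SHA-256 fingerprint and PBKDF2 storage are assumptions.
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

@dataclass
class Cert:
    der: bytes               # constructed stand-in for the certificate bytes
    email: str = ""
    strong: bool = False     # signed by a trusted certificate provider

    @property
    def fp(self) -> str:
        return hashlib.sha256(self.der).hexdigest()

@dataclass
class Account:
    salt: bytes = b""
    pw_hash: Optional[bytes] = None   # None: no password set
    cert_fp: Optional[str] = None     # None: no certificate attached
    cert_email: str = ""

    def set_password(self, pw: str) -> None:
        self.salt = os.urandom(16)
        self.pw_hash = hashlib.pbkdf2_hmac("sha256", pw.encode(), self.salt, 100_000)

    def attach(self, cert: Cert) -> None:
        self.cert_fp, self.cert_email = cert.fp, cert.email

    def password_ok(self, pw: Optional[str]) -> bool:
        if self.pw_hash is None or pw is None:
            return False
        got = hashlib.pbkdf2_hmac("sha256", pw.encode(), self.salt, 100_000)
        return hmac.compare_digest(got, self.pw_hash)

def login(acct: Account, cert: Optional[Cert], pw: Optional[str] = None) -> str:
    if cert and cert.fp == acct.cert_fp:
        return "ok:certificate"
    if (cert and acct.cert_fp and cert.strong and cert.email
            and cert.email == acct.cert_email):
        acct.attach(cert)                 # strong replacement, same e-mail
        return "ok:strong-replacement"
    if acct.password_ok(pw):
        if cert:
            acct.attach(cert)             # later logins need no password
            return "ok:password+attached"
        return "ok:password"
    return "denied"
```

An account registered from the client has no password, so in this model a replacement self-signed certificate ends in "denied" on every path, which is the case the backup advice above guards against.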

Getting a Strong Certificate from StartSSL

You can use a strong certificate with Mumble if you have one - most of them are paid, but StartSSL offers free certificates. There are instructions on obtaining a strong certificate.