Legacy mode - does not require modded CraftBukkit version.

How does it work?

You run the server in online mode. The requests from the server that normally go to minecraft.net to verify the account are however rerouted to a server you control yourself by editing the hosts file. A script on this server then performs the actual verification with minecraft.net (or some other account service), but always tells the minecraft server that the account is premium.

On login, the server plugin then checks with the script what the "real" status of the account verification was. If it was correct, the user is automatically identified as themselves (and will be asked to set a password if they do not have one already). If it was not, the user is renamed to "player_" to prevent people from kicking each other off, and then asked for their name and password to play, after which they will be renamed to their real username.

Installation instructions

First install the PHP Script (included in the main download) following the instructions listed inside the file itself. You can also rewrite the script in any other language - I just like PHP. It should be simple enough to reproduce in most other languages. (If you write a version for a different language - feel free to sent me a pull request!) The PHP script includes instructions for a lighttpd server config, but can also be made to work on most other servers. Same here: if you have made a config for a different server - feel free to sent me a pull request!

Then change your hosts file to reroute session.minecraft.net to the IP of your server. For instructions on how to do this, google is your friend. Searching for "hosts file edit " should do the trick.

Then install the plugin itself by dropping it into the /plugins/ folder of your bukkit install. An important last step for the legacy mode is to create/change the /plugins/MixedModeAuth/config.yml file, and add this line to it:

legacymode: true

After that, reload your server and make sure to check the server console for any messages (prefixed by [MixedModeAuth]). It should say "enabled in legacy secure mode".