minecraft-server/docs/plugins/authme.md

---
name: AuthMe Reloaded
version: "5.7.0-b2660"
license: GPL-3.0
source: github
source_url: https://github.com/AuthMe/AuthMeReloaded/releases/download/5.7.0/AuthMe-5.7.0.jar
acquisition: PLUGINS (direct GH URL)
purpose: Auth on cracked server — prevent coord leaks before login
---

Replaced LoginSecurity (upstream archived, unmaintained). Cracked server requirement — players must register/login before interacting with world.

## Security config

- `teleportUnAuthedToSpawn: true` — TP to auth_limbo on join, not actual location
- `SaveQuitLocation: true` — restore position post-login
- `hideInventory: true` — hides inv from other players until logged in (requires ProtocolLib)
- `allowMovement: false`, `allowedMovementRadius: 0` — locked in place
- `timeout: 60` — kick if no login within 60s
- Spawn world: `auth_limbo` (void END-type dimension, sealed 3×3×4 barrier cube at 0,128,0)

## Post-login hook

`commands.yml` — onLogin/onFirstLogin/onSessionLogin all run:
```
mvtp %p world   (CONSOLE, delay: 5 ticks)
```

## Notes

- `auth_limbo`: END dimension, no structures, no ender dragon, void floor — players see black void, cannot move
- ProtocolLib required for inventory hide feature
-												Initial commit: racked.ru Minecraft server config snapshot

Captures live config state of nullstone Purpur 1.21.11 server:
- docker-compose.yml (itzg/minecraft-server image, MODRINTH_PROJECTS + PLUGINS lists)
- All plugin configs under live-server/plugins/ (no DBs, no jars, no world data)
- Server core: bukkit.yml, spigot.yml, purpur.yml, paper-global.yml, paper-world-defaults.yml, server.properties

Excluded via .gitignore:
- World data (world/, world_nether/, world_the_end/, auth_limbo/)
- Sensitive: AuthMe DB (password hashes), Lands DB, CoreProtect DB, Essentials userdata
- Jars (auto-fetched), logs, caches, .paper-remapped

											
										
										
											2026-04-30 18:33:38 +01:00
+								---
 								name: AuthMe Reloaded
 								version: "5.7.0-b2660"
 								license: GPL-3.0
 								source: github
 								source_url: https://github.com/AuthMe/AuthMeReloaded/releases/download/5.7.0/AuthMe-5.7.0.jar
 								acquisition: PLUGINS (direct GH URL)
 								purpose: Auth on cracked server — prevent coord leaks before login
 								---
 								Replaced LoginSecurity (upstream archived, unmaintained). Cracked server requirement — players must register/login before interacting with world.
 								## Security config
 								- `teleportUnAuthedToSpawn: true` — TP to auth_limbo on join, not actual location
 								- `SaveQuitLocation: true` — restore position post-login
 								- `hideInventory: true` — hides inv from other players until logged in (requires ProtocolLib)
 								- `allowMovement: false`, `allowedMovementRadius: 0` — locked in place
 								- `timeout: 60` — kick if no login within 60s
 								- Spawn world: `auth_limbo` (void END-type dimension, sealed 3×3×4 barrier cube at 0,128,0)
 								## Post-login hook
 								`commands.yml` — onLogin/onFirstLogin/onSessionLogin all run:
 								```
 								mvtp %p world   (CONSOLE, delay: 5 ticks)
 								```
 								## Notes
 								- `auth_limbo`: END dimension, no structures, no ender dragon, void floor — players see black void, cannot move
 								- ProtocolLib required for inventory hide feature