Every session starts with clicking the avatar in the top-right of any page and entering a username or email + password. The hub validates credentials via a dual auth path.
The account & login identity model
An account is defined by either an external email address, or a hub username (which IS its @ancientholdings.eu address), or both:
- External email only — you registered with e.g. you@gmail.com. That address is your login. At Baron upgrade you pick a hub username, which is then attached to this same account.
- Hub username only — you registered with a bare username (e.g. cucubau); your account IS cucubau@ancientholdings.eu. The mailbox name is reserved from day one and unlocked at Baron upgrade.
- Both — an external-email account with an attached hub username. Either identifier signs in to the same account: same role, same nodes, same earnings.
At the login form you may type the bare username — the @ancientholdings.eu part is appended automatically — the full hub address, or the external email. All of them resolve to the one canonical account. Your attached identities are listed on My Profile → Login identities.
Dual authentication
- Mailcow IMAP first (STARTTLS on port 993). Works for Ancient / Modern / Baron whose @ancientholdings.eu mailbox is active — these accounts authenticate against the real mailbox password.
- Hub scrypt fallback — if IMAP returns invalid credentials, the hub looks up clients.password_hash and verifies via crypto.scrypt. This is how Operators log in: their Mailcow mailbox is reserved-but-inactive (active=0), so IMAP always rejects; the scrypt hash they set at signup is what validates.
When Mailcow is unreachable (a network error, not invalid-creds), the login short-circuits to HTTP 503 instead of downgrading to scrypt — a mail-server outage shouldn’t silently flip every admin to the fallback channel.
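The decision flow described above, as an added example that is not the hub's own code. The function names, the synchronous IMAP stub, the "salt:key" hex hash format and the 401 status for rejected credentials are assumptions made for illustration.

```javascript
// Added example, not hub code. Names, hash format and the IMAP stub are assumptions.
const crypto = require('node:crypto');

const HUB_DOMAIN = '@ancientholdings.eu';

// Bare usernames get the hub domain appended; full addresses pass through.
function normalizeLogin(input) {
  const id = input.trim();
  return id.includes('@') ? id : id + HUB_DOMAIN;
}

// Assumed storage format for clients.password_hash: "<salt hex>:<key hex>".
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const key = crypto.scryptSync(password, salt, 64);
  return `${salt.toString('hex')}:${key.toString('hex')}`;
}

function verifyScrypt(password, stored) {
  const [saltHex, keyHex] = String(stored).split(':');
  if (!saltHex || !keyHex) return false;
  const expected = Buffer.from(keyHex, 'hex');
  // Reject malformed records; two empty buffers would otherwise compare equal.
  if (expected.length !== 64) return false;
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), 64);
  return crypto.timingSafeEqual(actual, expected);
}

// imapCheck(email, password) stands in for the Mailcow IMAP login: it returns
// true/false for accepted/invalid credentials and throws on a network error.
function login(input, password, { imapCheck, lookupHash }) {
  const email = normalizeLogin(input);
  let imapOk;
  try {
    imapOk = imapCheck(email, password);
  } catch (err) {
    // Mail server unreachable: fail closed, never downgrade to scrypt.
    return { status: 503, email };
  }
  if (imapOk) return { status: 200, email, via: 'imap' };
  // Only an explicit invalid-credentials answer reaches the fallback.
  const stored = lookupHash(email);
  if (stored && verifyScrypt(password, stored)) return { status: 200, email, via: 'scrypt' };
  return { status: 401, email };
}
```

The outage branch returns before the hash lookup runs, so a correct fallback password cannot succeed while the mail server is down.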
Single-active-scope
Multiple accounts can be added to the same browser session, but only ONE is in scope at a time (Google-style). Switching scope is a cookie-only flip via POST /api/mail/activate — no re-authentication. The validated email + display name land in an encrypted iron-session cookie.
Public self-signup
When an Ancient Admin has opened public registration, anyone can create an Operator-tier account at /signup. Any email works as the login. If the chosen email ends in @ancientholdings.eu, signup reserves the mailbox name on Mailcow with active=0 (inactive until a future Baron activation).
When registration is closed, /signup returns a friendly “registration is closed” notice; Ancient Admins can still invite operators manually via /admin/admins.
Welcome line
After login, the hub greets you with the display name on your Mailcow mailbox (when set) plus your email: “Welcome George Popescu (codera@ancientholdings.eu)”. Full name is pulled from the session’s active account.