Disable SteamAuthstringValidation config option by default (bug 5791, r=psychonic).

configs/core.cfg

@@ -112,9 +112,9 @@
 	 * If set to yes, SourceMod will validate steamid auth strings with the Steam backend before giving out admin access.
 	 * This can prevent malicious users from impersonating admins with stolen Steam apptickets.
 	 * If Steam is down, admins will not be authenticated until Steam comes back up.
-	 * In general, this option should be set to "yes" to increase the security of your server.
+	 * This option increases the security of your server, but is still experimental.
 	 */
-	"SteamAuthstringValidation"	"yes"
+	"SteamAuthstringValidation"	"no"
 	
 	/**
 	 * Enables or disables whether SourceMod blocks known or potentially malicious plugins from loading.

core/PlayerManager.cpp

@@ -116,7 +116,7 @@ PlayerManager::PlayerManager()
 	m_SourceTVUserId = -1;
 	m_ReplayUserId = -1;
 
-	m_bAuthstringValidation = true; // use steam auth by default
+	m_bAuthstringValidation = false; // don't use steam auth by default... yet
 
 	m_UserIdLookUp = new int[USHRT_MAX+1];
 	memset(m_UserIdLookUp, 0, sizeof(int) * (USHRT_MAX+1));