| This module is a part of ZNC.
This module is shipped with ZNC by default. If you have the right "LoadMod" you can activate it with
The code for this module can be found here. This module is part of ZNC since Version 1.0
This module supports the EXTERNAL SASL mechanism if you set up a certificate with the cert module. Once cert is properly enabled and setup, you can set the SASL module to use the EXTERNAL mechanism.
|Because it is frequently asked, please note that the freenode IRC network does support both SASL and cert, but does not support the EXTERNAL mechanism. Freenode only supports the PLAIN mechanism. There's no problem with sending an unencrypted password inside an SSL secured connection, so if you're using SSL you probably don't need to bother worrying about anything other than the PLAIN mechanism.|
/msg *sasl Help [<search term>]
- Generate this help output, optionally search for word/phrase in this output.
/msg *sasl Mechanism [mechanism[ ...]]
- Set the mechanisms to be attempted (in order). The following mechanisms are available:
/msg *sasl RequireAuth [yes|no]
- Don't connect unless SASL authentication succeeds
/msg *sasl Set <username> [<password>]
- Set username and password for the mechanisms that need them. Password is optional
Basic configuration of the *sasl module. First, be sure the SASL module is loaded:
/query *status loadmod sasl <*status> Loaded module [sasl] [/home/znc/.local/lib/znc/sasl.so]
Configure the module:
/query *sasl mechanism external plain <*sasl> Current mechanisms set: EXTERNAL PLAIN set MyNickservName pa$$w0rd <*sasl> Username has been set to [MyNickservName] <*sasl> Password has been set to [pa$$w0rd]
SASL won't be used until you reconnect to the server:
/query *status jump <*status> Jumping to the next server in the list...
- Please note
- The password is saved unencrypted, so don't make your ZNC data directory readable to other users! If you are using a ZNC bouncer provided by someone else, be sure you trust them with your password.
- If you don't use SSL, the password is transmitted to the IRC server in plain text. There's no problem with sending an unencrypted password inside an SSL secured connection, so if you're using SSL you probably don't need to bother worrying about anything other than the PLAIN mechanism.
- Nowadays, most networks support either SASL PLAIN or EXTERNAL. DH-BLOWFISH and DH-AES support were removed due to people believing them to be more secure than SASL PLAIN + SSL, which is not the case. If you use SASL PLAIN with an SSL connection, you'll be fine.
Support for SASL
Many networks support SASL, including:
A network not listed here may or may not support SASL.