To create new wiki account, please join us on #znc at freenode and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.

Sasl

From ZNC
Revision as of 14:25, 15 May 2015 by Mkaysi (talk) (Fix previous edit)
Jump to: navigation, search


The SASL module allows you to authenticate to an IRC network via [[1]].

This module can be used with the cert module to support the EXTERNAL SASL mechanism. You can do this by setting up a certificate with cert and then setting the module to use the EXTERNAL mechanism. `/msg *sasl mechanism external`.

Commands

< *sasl> +=============+===================+===================================================+
< *sasl> | Command     | Arguments         | Description                                       |
< *sasl> +=============+===================+===================================================+
< *sasl> | Help        | search            | Generate this output                              |
< *sasl> +-------------+-------------------+---------------------------------------------------+
< *sasl> | Mechanism   | [mechanism[ ...]] | Set the mechanisms to be attempted (in order)     |
< *sasl> +-------------+-------------------+---------------------------------------------------+
< *sasl> | RequireAuth | [yes|no]          | Don't connect if SASL cannot be authenticated     |
< *sasl> +-------------+-------------------+---------------------------------------------------+
< *sasl> | Set         | username password | Set username and password for the PLAIN mechanism |
< *sasl> +=============+===================+===================================================+
< *sasl> The following mechanisms are available:
< *sasl> +===========+==============================================================================+
< *sasl> | Mechanism | Description                                                                  |
< *sasl> +===========+==============================================================================+
< *sasl> | EXTERNAL  | TLS certificate, for use with the *cert module                               |
< *sasl> +-----------+------------------------------------------------------------------------------+
< *sasl> | PLAIN     | Plain text negotiation, this should work always if the network supports SASL |
< *sasl> +===========+==============================================================================+

Example

Basic configuration of the *sasl module. Note that SASL won't be used until you reconnect to the server.

/query *status
<you> loadmod sasl
<*status> Loaded module [sasl] [/home/znc/.local/lib/znc/sasl.so]
/query *sasl
<you> mechanism plain
<*sasl> Current mechanisms set: PLAIN
<you>  set MyUsername pa$$w0rd
<*sasl> Username has been set to [MyUsername]
<*sasl> Password has been set to [pa$$w0rd]

Note: The password is saved unencrypted, so don't make your ZNC data directory readable to other users! Note: The password is transmitted to IRC server in plain text if you don't use SSL.

Nowadays most of networks support either SASL PLAIN or EXTERNAL. DH-BLOWFISH and DH-AES support were removed due to people believing them to be more secure than SASL PLAIN + SSL which is not the case.

Many networks support SASL including:

  • Athemenet
  • ChatSpike
  • EsperNet
  • Freenode
  • PirateIRC
  • Snoonet