To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.

Sasl: Difference between revisions

From ZNC
Jump to navigation Jump to search
KindOne (talk | contribs)
Include some networks that have sasl support.
KindOne (talk | contribs)
Update Sasl to match 1.2 output.
Line 6: Line 6:


===Commands===
===Commands===
<pre>
 
+-------------+-------------------+-----------------------------------------------+
<*sasl> +-------------+-------------------+-----------------------------------------------+
| Command    | Arguments        | Description                                  |
<*sasl> | Command    | Arguments        | Description                                  |
+-------------+-------------------+-----------------------------------------------+
<*sasl> +-------------+-------------------+-----------------------------------------------+
| Help        | search            | Generate this output                          |
<*sasl> | Help        | search            | Generate this output                          |
| Mechanism  | [mechanism[ ...]] | Set the mechanisms to be attempted (in order) |
<*sasl> | Mechanism  | [mechanism[ ...]] | Set the mechanisms to be attempted (in order) |
| RequireAuth | [yes|no]          | Don't connect if SASL cannot be authenticated |
<*sasl> | RequireAuth | [yes|no]          | Don't connect if SASL cannot be authenticated |
| Set        | username password | Set the password for DH-BLOWFISH/PLAIN       |
<*sasl> | Set        | username password | Set the password for DH-BLOWFISH/DH-AES/PLAIN |
+-------------+-------------------+-----------------------------------------------+
<*sasl> +-------------+-------------------+-----------------------------------------------+
The following mechanisms are available:
<*sasl> The following mechanisms are available:
+-------------+------------------------------------------------+
<*sasl> +-------------+----------------------------------------------------+
| Mechanism  | Description                                   |
<*sasl> | Mechanism  | Description                                       |
+-------------+------------------------------------------------+
<*sasl> +-------------+----------------------------------------------------+
| EXTERNAL    | TLS certificate, for use with the *cert module |
<*sasl> | EXTERNAL    | TLS certificate, for use with the *cert module     |
| DH-BLOWFISH |                                               |
<*sasl> | DH-BLOWFISH | Secure negotiation using the DH-BLOWFISH mechanism |
| PLAIN      | Plain text negotiation                         |
<*sasl> | DH-AES      | More secure negotiation using the DH-AES mechanism |
+-------------+------------------------------------------------+
<*sasl> | PLAIN      | Plain text negotiation                             |
</pre>
<*sasl> +-------------+----------------------------------------------------+
 
Example:
/msg *sasl set username password
/msg *sasl mechanism DH-BLOWFISH


'''Note:''' The password is saved unencrypted, so don't make your ZNC data directory readable to other users!
'''Note:''' The password is saved unencrypted, so don't make your ZNC data directory readable to other users!

Revision as of 00:27, 5 November 2013


The SASL module allows you to authenticate to an IRC network via SASL.

This module can be used with the cert module to support the EXTERNAL SASL mechanism. You can do this by setting up a certificate with cert and then setting the module to use the EXTERNAL mechanism. `/msg *sasl mechanism external`.

Commands

<*sasl> +-------------+-------------------+-----------------------------------------------+
<*sasl> | Command     | Arguments         | Description                                   |
<*sasl> +-------------+-------------------+-----------------------------------------------+
<*sasl> | Help        | search            | Generate this output                          |
<*sasl> | Mechanism   | [mechanism[ ...]] | Set the mechanisms to be attempted (in order) |
<*sasl> | RequireAuth | [yes|no]          | Don't connect if SASL cannot be authenticated |
<*sasl> | Set         | username password | Set the password for DH-BLOWFISH/DH-AES/PLAIN |
<*sasl> +-------------+-------------------+-----------------------------------------------+
<*sasl> The following mechanisms are available:
<*sasl> +-------------+----------------------------------------------------+
<*sasl> | Mechanism   | Description                                        |
<*sasl> +-------------+----------------------------------------------------+
<*sasl> | EXTERNAL    | TLS certificate, for use with the *cert module     |
<*sasl> | DH-BLOWFISH | Secure negotiation using the DH-BLOWFISH mechanism |
<*sasl> | DH-AES      | More secure negotiation using the DH-AES mechanism |
<*sasl> | PLAIN       | Plain text negotiation                             |
<*sasl> +-------------+----------------------------------------------------+

Example:

/msg *sasl set username password
/msg *sasl mechanism DH-BLOWFISH

Note: The password is saved unencrypted, so don't make your ZNC data directory readable to other users!

The following networks support sasl:

  • ChatSpile
  • EsperNet
  • Freenode
  • PirateIRC
  • Snoonet