To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.

Sasl: Difference between revisions

From ZNC
Jump to navigation Jump to search
>TingPing
mNo edit summary
>Mkaysi
Add very easy to follow example.
Line 25: Line 25:
  <*sasl> +-------------+----------------------------------------------------+
  <*sasl> +-------------+----------------------------------------------------+


Example:
===Example===
  /msg *sasl set MyUsername pa$$w0rd
 
Basic configuration of the *sasl module. Note that SASL won't be used until you reconnect to the server.
 
/query *status
<you> loadmod sasl
<*status> Loaded module [sasl] [/home/znc/.local/lib/znc/sasl.so]
/query *sasl
<you> mechanism plain
<*sasl> Current mechanisms set: PLAIN
  <you>  set MyUsername pa$$w0rd
<*sasl> Username has been set to [MyUsername]
<*sasl> Password has been set to [pa$$w0rd]


'''Note:''' The password is saved unencrypted, so don't make your ZNC data directory readable to other users!
'''Note:''' The password is saved unencrypted, so don't make your ZNC data directory readable to other users!
'''Note:''' The password is transmitted to IRC server in plain text if you don't use SSL.
Nowadays most of networks support either SASL PLAIN or EXTERNAL. DH-BLOWFISH and DH-AES support were removed due to people believing them to be more secure than SASL PLAIN + SSL which is not the case.


Many networks support SASL including:
Many networks support SASL including:

Revision as of 10:34, 20 December 2014


The SASL module allows you to authenticate to an IRC network via SASL.

This module can be used with the cert module to support the EXTERNAL SASL mechanism. You can do this by setting up a certificate with cert and then setting the module to use the EXTERNAL mechanism. `/msg *sasl mechanism external`.

Commands

<*sasl> +-------------+-------------------+-----------------------------------------------+
<*sasl> | Command     | Arguments         | Description                                   |
<*sasl> +-------------+-------------------+-----------------------------------------------+
<*sasl> | Help        | search            | Generate this output                          |
<*sasl> | Mechanism   | [mechanism[ ...]] | Set the mechanisms to be attempted (in order) |
<*sasl> | RequireAuth | [yes|no]          | Don't connect if SASL cannot be authenticated |
<*sasl> | Set         | username password | Set the password for DH-BLOWFISH/DH-AES/PLAIN |
<*sasl> +-------------+-------------------+-----------------------------------------------+
<*sasl> The following mechanisms are available:
<*sasl> +-------------+----------------------------------------------------+
<*sasl> | Mechanism   | Description                                        |
<*sasl> +-------------+----------------------------------------------------+
<*sasl> | EXTERNAL    | TLS certificate, for use with the *cert module     |
<*sasl> | DH-BLOWFISH | Secure negotiation using the DH-BLOWFISH mechanism |
<*sasl> | DH-AES      | More secure negotiation using the DH-AES mechanism |
<*sasl> | PLAIN       | Plain text negotiation                             |
<*sasl> +-------------+----------------------------------------------------+

Example

Basic configuration of the *sasl module. Note that SASL won't be used until you reconnect to the server.

/query *status
<you> loadmod sasl
<*status> Loaded module [sasl] [/home/znc/.local/lib/znc/sasl.so]
/query *sasl
<you> mechanism plain
<*sasl> Current mechanisms set: PLAIN
<you>  set MyUsername pa$$w0rd
<*sasl> Username has been set to [MyUsername]
<*sasl> Password has been set to [pa$$w0rd]

Note: The password is saved unencrypted, so don't make your ZNC data directory readable to other users! Note: The password is transmitted to IRC server in plain text if you don't use SSL.

Nowadays most of networks support either SASL PLAIN or EXTERNAL. DH-BLOWFISH and DH-AES support were removed due to people believing them to be more secure than SASL PLAIN + SSL which is not the case.

Many networks support SASL including:

  • Athemenet
  • ChatSpike
  • EsperNet
  • Freenode
  • PirateIRC
  • Snoonet