To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.

Sasl: Difference between revisions

From ZNC
Jump to navigation Jump to search
>Mkaysi
m Fix previous edit
>Mkaysi
Undo the failed changes. Please add previw to this wiki.
Line 1: Line 1:
{{Core Module}}
{{Core Module}}


The SASL module allows you to authenticate to an IRC network via [[http://ircv3.net/specs/extensions/sasl-3.1.html|SASL]].
The SASL module allows you to authenticate to an IRC network via SASL.


This module can be used with the [[cert]] module to support the EXTERNAL SASL mechanism. You can do this by setting up a certificate with [[cert]] and then setting the module to use the EXTERNAL mechanism. `/msg *sasl mechanism external`.
This module can be used with the [[cert]] module to support the EXTERNAL SASL mechanism. You can do this by setting up a certificate with [[cert]] and then setting the module to use the EXTERNAL mechanism. `/msg *sasl mechanism external`.

Revision as of 14:27, 15 May 2015


The SASL module allows you to authenticate to an IRC network via SASL.

This module can be used with the cert module to support the EXTERNAL SASL mechanism. You can do this by setting up a certificate with cert and then setting the module to use the EXTERNAL mechanism. `/msg *sasl mechanism external`.

Commands

< *sasl> +=============+===================+===================================================+
< *sasl> | Command     | Arguments         | Description                                       |
< *sasl> +=============+===================+===================================================+
< *sasl> | Help        | search            | Generate this output                              |
< *sasl> +-------------+-------------------+---------------------------------------------------+
< *sasl> | Mechanism   | [mechanism[ ...]] | Set the mechanisms to be attempted (in order)     |
< *sasl> +-------------+-------------------+---------------------------------------------------+
< *sasl> | RequireAuth | [yes|no]          | Don't connect if SASL cannot be authenticated     |
< *sasl> +-------------+-------------------+---------------------------------------------------+
< *sasl> | Set         | username password | Set username and password for the PLAIN mechanism |
< *sasl> +=============+===================+===================================================+
< *sasl> The following mechanisms are available:
< *sasl> +===========+==============================================================================+
< *sasl> | Mechanism | Description                                                                  |
< *sasl> +===========+==============================================================================+
< *sasl> | EXTERNAL  | TLS certificate, for use with the *cert module                               |
< *sasl> +-----------+------------------------------------------------------------------------------+
< *sasl> | PLAIN     | Plain text negotiation, this should work always if the network supports SASL |
< *sasl> +===========+==============================================================================+

Example

Basic configuration of the *sasl module. Note that SASL won't be used until you reconnect to the server.

/query *status
<you> loadmod sasl
<*status> Loaded module [sasl] [/home/znc/.local/lib/znc/sasl.so]
/query *sasl
<you> mechanism plain
<*sasl> Current mechanisms set: PLAIN
<you>  set MyUsername pa$$w0rd
<*sasl> Username has been set to [MyUsername]
<*sasl> Password has been set to [pa$$w0rd]

Note: The password is saved unencrypted, so don't make your ZNC data directory readable to other users! Note: The password is transmitted to IRC server in plain text if you don't use SSL.

Nowadays most of networks support either SASL PLAIN or EXTERNAL. DH-BLOWFISH and DH-AES support were removed due to people believing them to be more secure than SASL PLAIN + SSL which is not the case.

Many networks support SASL including:

  • Athemenet
  • ChatSpike
  • EsperNet
  • Freenode
  • PirateIRC
  • Snoonet