To create new wiki account, please join us on #znc at freenode and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.


From ZNC
Revision as of 10:34, 20 December 2014 by >Mkaysi (Add very easy to follow example.)
Jump to navigation Jump to search

The SASL module allows you to authenticate to an IRC network via SASL.

This module can be used with the cert module to support the EXTERNAL SASL mechanism. You can do this by setting up a certificate with cert and then setting the module to use the EXTERNAL mechanism. `/msg *sasl mechanism external`.


<*sasl> +-------------+-------------------+-----------------------------------------------+
<*sasl> | Command     | Arguments         | Description                                   |
<*sasl> +-------------+-------------------+-----------------------------------------------+
<*sasl> | Help        | search            | Generate this output                          |
<*sasl> | Mechanism   | [mechanism[ ...]] | Set the mechanisms to be attempted (in order) |
<*sasl> | RequireAuth | [yes|no]          | Don't connect if SASL cannot be authenticated |
<*sasl> | Set         | username password | Set the password for DH-BLOWFISH/DH-AES/PLAIN |
<*sasl> +-------------+-------------------+-----------------------------------------------+
<*sasl> The following mechanisms are available:
<*sasl> +-------------+----------------------------------------------------+
<*sasl> | Mechanism   | Description                                        |
<*sasl> +-------------+----------------------------------------------------+
<*sasl> | EXTERNAL    | TLS certificate, for use with the *cert module     |
<*sasl> | DH-BLOWFISH | Secure negotiation using the DH-BLOWFISH mechanism |
<*sasl> | DH-AES      | More secure negotiation using the DH-AES mechanism |
<*sasl> | PLAIN       | Plain text negotiation                             |
<*sasl> +-------------+----------------------------------------------------+


Basic configuration of the *sasl module. Note that SASL won't be used until you reconnect to the server.

/query *status
<you> loadmod sasl
<*status> Loaded module [sasl] [/home/znc/.local/lib/znc/]
/query *sasl
<you> mechanism plain
<*sasl> Current mechanisms set: PLAIN
<you>  set MyUsername pa$$w0rd
<*sasl> Username has been set to [MyUsername]
<*sasl> Password has been set to [pa$$w0rd]

Note: The password is saved unencrypted, so don't make your ZNC data directory readable to other users! Note: The password is transmitted to IRC server in plain text if you don't use SSL.

Nowadays most of networks support either SASL PLAIN or EXTERNAL. DH-BLOWFISH and DH-AES support were removed due to people believing them to be more secure than SASL PLAIN + SSL which is not the case.

Many networks support SASL including:

  • Athemenet
  • ChatSpike
  • EsperNet
  • Freenode
  • PirateIRC
  • Snoonet