To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.

Sasl: Difference between revisions

From ZNC
Jump to navigation Jump to search
>Mkaysi
m Add link to SASL v3.1
>Mkaysi
m Fix previous edit
Line 1: Line 1:
{{Core Module}}
{{Core Module}}


The SASL module allows you to authenticate to an IRC network via [http://ircv3.net/specs/extensions/sasl-3.1.html|SASL].
The SASL module allows you to authenticate to an IRC network via [[http://ircv3.net/specs/extensions/sasl-3.1.html|SASL]].


This module can be used with the [[cert]] module to support the EXTERNAL SASL mechanism. You can do this by setting up a certificate with [[cert]] and then setting the module to use the EXTERNAL mechanism. `/msg *sasl mechanism external`.
This module can be used with the [[cert]] module to support the EXTERNAL SASL mechanism. You can do this by setting up a certificate with [[cert]] and then setting the module to use the EXTERNAL mechanism. `/msg *sasl mechanism external`.

Revision as of 14:25, 15 May 2015


The SASL module allows you to authenticate to an IRC network via [[1]].

This module can be used with the cert module to support the EXTERNAL SASL mechanism. You can do this by setting up a certificate with cert and then setting the module to use the EXTERNAL mechanism. `/msg *sasl mechanism external`.

Commands

< *sasl> +=============+===================+===================================================+
< *sasl> | Command     | Arguments         | Description                                       |
< *sasl> +=============+===================+===================================================+
< *sasl> | Help        | search            | Generate this output                              |
< *sasl> +-------------+-------------------+---------------------------------------------------+
< *sasl> | Mechanism   | [mechanism[ ...]] | Set the mechanisms to be attempted (in order)     |
< *sasl> +-------------+-------------------+---------------------------------------------------+
< *sasl> | RequireAuth | [yes|no]          | Don't connect if SASL cannot be authenticated     |
< *sasl> +-------------+-------------------+---------------------------------------------------+
< *sasl> | Set         | username password | Set username and password for the PLAIN mechanism |
< *sasl> +=============+===================+===================================================+
< *sasl> The following mechanisms are available:
< *sasl> +===========+==============================================================================+
< *sasl> | Mechanism | Description                                                                  |
< *sasl> +===========+==============================================================================+
< *sasl> | EXTERNAL  | TLS certificate, for use with the *cert module                               |
< *sasl> +-----------+------------------------------------------------------------------------------+
< *sasl> | PLAIN     | Plain text negotiation, this should work always if the network supports SASL |
< *sasl> +===========+==============================================================================+

Example

Basic configuration of the *sasl module. Note that SASL won't be used until you reconnect to the server.

/query *status
<you> loadmod sasl
<*status> Loaded module [sasl] [/home/znc/.local/lib/znc/sasl.so]
/query *sasl
<you> mechanism plain
<*sasl> Current mechanisms set: PLAIN
<you>  set MyUsername pa$$w0rd
<*sasl> Username has been set to [MyUsername]
<*sasl> Password has been set to [pa$$w0rd]

Note: The password is saved unencrypted, so don't make your ZNC data directory readable to other users! Note: The password is transmitted to IRC server in plain text if you don't use SSL.

Nowadays most of networks support either SASL PLAIN or EXTERNAL. DH-BLOWFISH and DH-AES support were removed due to people believing them to be more secure than SASL PLAIN + SSL which is not the case.

Many networks support SASL including:

  • Athemenet
  • ChatSpike
  • EsperNet
  • Freenode
  • PirateIRC
  • Snoonet