Automatically authenticating to NickServ

Eric Mertens edited this page Aug 1, 2020 · 4 revisions

This article is targeted at connecting to Freenode, but the concepts should translate to other servers.

Version 2.36 and later

SASL is configured under the sasl: key in a server configuration. Three mechanisms are supported as shown below.

SASL: Username and Password (PLAIN)

Authenticate using a username and password sent to the server.

  * name:        "fn"
    hostname:    "chat.freenode.net"
    nick:        "mynick"
    sasl:
      mechanism: plain -- this line is optional
      username:  "myaccount"
      password:  "mypassword"

The password can be loaded from a keychain manager with the command: field, which keeps it out of the configuration file. This example uses macOS's built-in keychain support.

    sasl:
      username: "myaccount"
      password: command: ["security", "find-generic-password", "-s", "Freenode", "-w"]
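
What the PLAIN settings above put on the wire, as an added Python example (not glirc's code): per RFC 4616 and the IRCv3 SASL specification the credentials are only base64-encoded, so the connection's TLS layer is the only thing protecting them. The function names are hypothetical and the account values are the placeholders from the configuration above.

```python
import base64

CHUNK = 400  # IRCv3 SASL: the base64 payload travels in 400-byte AUTHENTICATE chunks


def plain_authenticate_lines(username, password, authzid=""):
    """Build the AUTHENTICATE lines a client sends for SASL PLAIN.

    RFC 4616 message: authzid NUL authcid NUL passwd, base64-encoded for IRC.
    """
    for field in (authzid, username, password):
        if "\x00" in field:
            raise ValueError("NUL cannot appear inside a PLAIN field")
    raw = "\x00".join((authzid, username, password)).encode("utf-8")
    b64 = base64.b64encode(raw).decode("ascii")
    lines = ["AUTHENTICATE " + b64[i:i + CHUNK] for i in range(0, len(b64), CHUNK)]
    # A final chunk of exactly 400 bytes must be followed by "AUTHENTICATE +"
    # so the server can tell that the payload is complete.
    if len(b64) % CHUNK == 0:
        lines.append("AUTHENTICATE +")
    return lines


def decode_plain_lines(lines):
    """Reverse the encoding: (authzid, username, password) from AUTHENTICATE lines.

    No key is involved, so anyone who can read the connection's bytes (or a
    raw protocol log) can do the same unless TLS protects the connection.
    """
    b64 = "".join(l.split(" ", 1)[1] for l in lines if l != "AUTHENTICATE +")
    authzid, username, password = base64.b64decode(b64).decode("utf-8").split("\x00")
    return authzid, username, password


if __name__ == "__main__":
    # Constructed sample: the placeholder account values from the configuration above.
    sent = plain_authenticate_lines("myaccount", "mypassword")
    print(sent)
    print(decode_plain_lines(sent))
```

Pairing PLAIN with tls: yes, or using the ECDSA or EXTERNAL mechanisms described below, avoids sending a reusable secret in recoverable form.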

SASL: Username and ECDSA key (ECDSA-NIST256P-CHALLENGE)

Freenode also supports public/private key pair authentication with the ECDSA-NIST256P-CHALLENGE mechanism. To configure this you'll need ecdsatool.

Assign your public key to NickServ

/msg NickServ SET PUBKEY <THEPUBLICKEY>

Update your configuration file. Remember that relative paths are relative to the configuration file.

  * name:          "fn"
    hostname:      "chat.freenode.net"
    nick:          "myaccount"
    sasl:
      mechanism:   ecdsa-nist256p-challenge
      username:    "myaccount"
      private-key: "path/to/key.pem"

SASL: TLS Client Certificate (EXTERNAL)

You can authenticate to NickServ via the TLS layer using TLS client certificates. The process is documented in the CertFP article on Freenode.

/msg NickServ CERT ADD

  * name           : "fn"
    hostname       : "chat.freenode.net"
    nick           : "mynick"
    sasl: mechanism: external
    tls            : yes
    tls-client-cert: "path/to/cert.pem"
    tls-client-key : "path/to/key.pem"   -- optional if key is stored in cert file

Version 2.35 and earlier

SASL: Username and Password (PLAIN)

To authenticate to NickServ during the connection process you can specify your username and password in your configuration file as part of the server setting.

Required configuration: sasl-username: <username>, sasl-password: <password>

  * name           : "fn"
    hostname       : "chat.freenode.net"
    nick           : "mynick"
    sasl-username  : "myaccount"
    sasl-password  : "mypassword"

SASL: Username and ECDSA key (ECDSA-NIST256P-CHALLENGE)

Freenode also supports public/private key pair authentication with the ECDSA-NIST256P-CHALLENGE mechanism. To configure this you'll need ecdsatool.

Assign your public key to NickServ

/msg NickServ SET PUBKEY <THEPUBLICKEY>

Update your configuration file. Remember that relative paths are relative to the configuration file.

Required configuration: sasl-username: <username>, sasl-ecdsa-key: <filepath>

  * name           : "fn"
    hostname       : "chat.freenode.net"
    nick           : "myaccount"
    sasl-username  : "myaccount"
    sasl-ecdsa-key : "path/to/key.pem"

SASL: TLS Client Certificate (EXTERNAL)

You can authenticate to NickServ via the TLS layer using TLS client certificates. The process is documented in the CertFP article on Freenode.

Required configuration: tls: yes, sasl-username: <username>, tls-client-cert: <filepath>

/msg NickServ CERT ADD <CERTIFICATEFINGERPRINT>

  * name           : "fn"
    hostname       : "chat.freenode.net"
    nick           : "mynick"
    sasl-username  : "myaccount"
    tls            : yes
    tls-client-cert: "path/to/cert.pem"
    tls-client-key : "path/to/key.pem"   -- optional if key is stored in cert file