From 46d32520c7fb839d3c4512f9d017d0d87f11d6c2 Mon Sep 17 00:00:00 2001 From: Shivaram Lingamneni Date: Wed, 11 Jan 2023 09:10:25 -0500 Subject: [PATCH] recommended default: advertise SCRAM Fixes #1782 --- default.yaml | 4 ++++ irc/config.go | 3 +-- traditional.yaml | 4 ++++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/default.yaml b/default.yaml index a48eedc1..d366a950 100644 --- a/default.yaml +++ b/default.yaml @@ -450,6 +450,10 @@ accounts: # this is useful for compatibility with old clients that don't support SASL login-via-pass-command: true + # advertise the SCRAM-SHA-256 authentication method. set to false in case of + # compatibility issues with certain clients: + advertise-scram: true + # require-sasl controls whether clients are required to have accounts # (and sign into them using SASL) to connect to the server require-sasl: diff --git a/irc/config.go b/irc/config.go index 79aa7da8..c7605c93 100644 --- a/irc/config.go +++ b/irc/config.go @@ -303,7 +303,7 @@ func (t *ThrottleConfig) UnmarshalYAML(unmarshal func(interface{}) error) (err e type AccountConfig struct { Registration AccountRegistrationConfig AuthenticationEnabled bool `yaml:"authentication-enabled"` - AdvertiseSCRAM bool `yaml:"advertise-scram"` // undocumented, see #1782 + AdvertiseSCRAM bool `yaml:"advertise-scram"` RequireSasl struct { Enabled bool Exempted []string @@ -1390,7 +1390,6 @@ func LoadConfig(filename string) (config *Config, err error) { } saslCapValue := "PLAIN,EXTERNAL,SCRAM-SHA-256" - // TODO(#1782) clean this up: if !config.Accounts.AdvertiseSCRAM { saslCapValue = "PLAIN,EXTERNAL" } diff --git a/traditional.yaml b/traditional.yaml index 7340cbe2..db1b3b39 100644 --- a/traditional.yaml +++ b/traditional.yaml @@ -423,6 +423,10 @@ accounts: # this is useful for compatibility with old clients that don't support SASL login-via-pass-command: false + # advertise the SCRAM-SHA-256 authentication method. set to false in case of + # compatibility issues with certain clients: + advertise-scram: true + # require-sasl controls whether clients are required to have accounts # (and sign into them using SASL) to connect to the server require-sasl: