Mikaela/mikaela.github.io
1
0
Fork 0
mirror of https://github.com/mikaela/mikaela.github.io/ synced 2024-11-20 11:09:28 +01:00
Code Issues Projects Releases Wiki Activity
2bc6623cf7
mikaela.github.io/blog/_posts/2015-03-26-weechat-sasl-simply.md
Mikaela Suomalainen 9351e09a4a
Quickly point freenode -> LiberaChat where applicable 
* ZNC had to have network name removed to avoid rewriting history.
* Keeping the ops opped is linked too widely and I just added a note
  that it also applies to LiberaChat directly
* umode+g I don't feel good about so I just removed it directly, I am
  not who I was in 2015.
  * references to it had to go away too
* LiberaChat runs Charybdis fork which removes the weird cmode +p
  behaviour to my knowledge
* Stagefright also couldn't have history changed so I just removed
  broken link and said it's now at LiberaChat
* ...
* TeleIRC instead of TeleMatrix had to go away, neither project is alive
  and due to freenode/LiberaChat situation living, I will hopefully
  update it to Matterbridge and more recent solutions in the future.
  TODO! Also RELAYMSG exists.
* links2: mostly dead links, but change network name
* r/chanserv: the link was dead
* r/mer-meeting: I don't think anyone uses that link and I have no idea
  if they are staying on freenode
* r/telefreenode.md: I imagine everyone has took anything useful from
  there a long time ago
2021-05-23 14:10:38 +03:00

75 lines
2.3 KiB
Markdown
Raw Blame History

---
layout: post
comments: true
title: "WeeChat: easy instructions for using SASL"
category: [english]
tags: [irc, english]
redirect_from:
- /weechat-sasl.html
- /english/2015/03/26/weechat-sasl-simply.html
---
This seems to confuse many WeeChat users, so I will try to explain it more
simply as I am repeating myself everywhere about this same thing.
SASL is mechanism for identifying to services at IRC automatically even
before you are visible to the network.
* * * * *
First set mechanism as plain if you have it as anything else. Many people
have it as DH- something which are insecure and is removed from more modern
services packages. More about that:
* [On the security of SASL DH-BLOWFISH (at nullroute.eu.org)](https://nullroute.eu.org/~grawity/irc-sasl-dh.html)
* [Do not use or provide DH-AES or DH-BLOWFISH for SASL/IAL authentication (at kaniini.dereferenced.org)](https://kaniini.dereferenced.org/2014/12/26/do-not-use-DH-AES-or-DH-BLOWFISH.html)
```
/set irc.server_default.sasl_mechanism PLAIN
```
PLAIN is simple "login using username and password" mechanism that sends
the username and password in plaintext which isn't an issue if you also use
SSL (like you should) and trust the server (and
**use different password everywhere**).
Then simply set your username and password
```
/unset irc.server.NETWORK.sasl_mechanism
/set irc.server.NETWORK.sasl_username REGISTERED_NICKNAME
/set irc.server.NETWORK.sasl_password PASSWORD
/save
```
*Replace NETWORK with the name of network that you have in WeeChat, for
example `liberachat`.*
And now after `/reconnect` you should be identified automatically using
SASL, but you might also ensure that you use SSL.
## Using SSL
Change your address to use SSL port and enable SSL for the network:
```
/set irc.server.liberachat.addresses irc.libera.chat/6697
/set irc.server.liberachat.ssl on
/save
```
*Note: SSL does nothing until you `/reconnect`*
*6697 is the [standard SSL port](https://tools.ietf.org/html/rfc7194).*
liberachat has valid SSL certificate, but if it didn't, you would have two
choises:
1. Trust the fingerprints manually using
`irc.server.NETWORK.ssl_fingerprint`, see [this post].
2. Disable SSL certificate checking using
`/set irc.server.NETWORK.ssl_verify off` **NOT RECOMMENDED**, see
[this post].
[this post]:{% post_url blog/2015-02-24-znc160-ssl %}
Reference in New Issue View Git Blame Copy Permalink