mirror of
https://github.com/mikaela/mikaela.github.io/
synced 2024-12-29 06:42:33 +01:00
Mikaela Suomalainen
9351e09a4a
* ZNC had to have network name removed to avoid rewriting history. * Keeping the ops opped is linked too widely and I just added a note that it also applies to LiberaChat directly * umode+g I don't feel good about so I just removed it directly, I am not who I was in 2015. * references to it had to go away too * LiberaChat runs Charybdis fork which removes the weird cmode +p behaviour to my knowledge * Stagefright also couldn't have history changed so I just removed broken link and said it's now at LiberaChat * ... * TeleIRC instead of TeleMatrix had to go away, neither project is alive and due to freenode/LiberaChat situation living, I will hopefully update it to Matterbridge and more recent solutions in the future. TODO! Also RELAYMSG exists. * links2: mostly dead links, but change network name * r/chanserv: the link was dead * r/mer-meeting: I don't think anyone uses that link and I have no idea if they are staying on freenode * r/telefreenode.md: I imagine everyone has took anything useful from there a long time ago
75 lines
2.3 KiB
Markdown
75 lines
2.3 KiB
Markdown
---
|
|
layout: post
|
|
comments: true
|
|
title: "WeeChat: easy instructions for using SASL"
|
|
category: [english]
|
|
tags: [irc, english]
|
|
redirect_from:
|
|
- /weechat-sasl.html
|
|
- /english/2015/03/26/weechat-sasl-simply.html
|
|
---
|
|
|
|
This seems to confuse many WeeChat users, so I will try to explain it more
|
|
simply as I am repeating myself everywhere about this same thing.
|
|
|
|
SASL is mechanism for identifying to services at IRC automatically even
|
|
before you are visible to the network.
|
|
|
|
* * * * *
|
|
|
|
First set mechanism as plain if you have it as anything else. Many people
|
|
have it as DH- something which are insecure and is removed from more modern
|
|
services packages. More about that:
|
|
|
|
* [On the security of SASL DH-BLOWFISH (at nullroute.eu.org)](https://nullroute.eu.org/~grawity/irc-sasl-dh.html)
|
|
* [Do not use or provide DH-AES or DH-BLOWFISH for SASL/IAL authentication (at kaniini.dereferenced.org)](https://kaniini.dereferenced.org/2014/12/26/do-not-use-DH-AES-or-DH-BLOWFISH.html)
|
|
|
|
```
|
|
/set irc.server_default.sasl_mechanism PLAIN
|
|
```
|
|
|
|
PLAIN is simple "login using username and password" mechanism that sends
|
|
the username and password in plaintext which isn't an issue if you also use
|
|
SSL (like you should) and trust the server (and
|
|
**use different password everywhere**).
|
|
|
|
Then simply set your username and password
|
|
|
|
```
|
|
/unset irc.server.NETWORK.sasl_mechanism
|
|
/set irc.server.NETWORK.sasl_username REGISTERED_NICKNAME
|
|
/set irc.server.NETWORK.sasl_password PASSWORD
|
|
/save
|
|
```
|
|
|
|
*Replace NETWORK with the name of network that you have in WeeChat, for
|
|
example `liberachat`.*
|
|
|
|
And now after `/reconnect` you should be identified automatically using
|
|
SASL, but you might also ensure that you use SSL.
|
|
|
|
## Using SSL
|
|
|
|
Change your address to use SSL port and enable SSL for the network:
|
|
|
|
```
|
|
/set irc.server.liberachat.addresses irc.libera.chat/6697
|
|
/set irc.server.liberachat.ssl on
|
|
/save
|
|
```
|
|
|
|
*Note: SSL does nothing until you `/reconnect`*
|
|
|
|
*6697 is the [standard SSL port](https://tools.ietf.org/html/rfc7194).*
|
|
|
|
liberachat has valid SSL certificate, but if it didn't, you would have two
|
|
choises:
|
|
|
|
1. Trust the fingerprints manually using
|
|
`irc.server.NETWORK.ssl_fingerprint`, see [this post].
|
|
2. Disable SSL certificate checking using
|
|
`/set irc.server.NETWORK.ssl_verify off` **NOT RECOMMENDED**, see
|
|
[this post].
|
|
|
|
[this post]:{% post_url blog/2015-02-24-znc160-ssl %}
|